Twitter Trending Topics Used to Propagate Rogue AV

Version imprimable, PDF et e-mail

Posted by: Barracuda Labs

Last night, a Purewire employee was directed to a Rogue AV website after clicking on a link in a tweet that matched a popular topic. Subsequent analysis uncovered an active Rogue AV propagation campaign that attempts to lure users to malicious websites via tweets that contain popular terms searched on Twitter.

The malicious tweets draw part of their word content from Twitter’s Trending Topics list; a screenshot of the list at the time of this writing.


Twitter Trending Topics

Searches that use some of the above topics lead to these tweets.



which acts as a traffic distribution system for a Rogue AV operation; the chain of redirections ends at one of the following Rogue AV distribution points.


All of the above sites serve javascript-based fake system scanners.


which attempt to compel the user to download Windows PC Defender, a brand of Rogue AV software. AV detections for the Rogue AV malware instance served are non-existent:

Users of the PWSS are protected from this campaign.

Remonter en haut de page