Backdoors in Twitter, Now in Arabic
Twitter is becoming a common medium to spread spam, malware and all kinds of badness. Just a few weeks ago, we wrote about FIFA and the Gaza attacks being used as social engineering leverage by Trojan creators, and there are no signs of them stopping any time soon.
Over the past two weeks, several Twitter accounts were created for the sole purpose of tweeting Poison Ivy or Bifrost download links. Both Poison Ivy and Bifrost are backdoors, malicious programs that allows an unauthorized user access to the infected machine. Interestingly, these backdoor programs are uploaded at either freewebtown.com or leadhoster.com, both free web hosting sites.
Cybercrime groups it seems, are broadening the scope of their social engineering by employing localization techniques. Quite clever huh?
Lastly, these rogue Twitter accounts either have very few or no followers and following, which means the only way for potential victims to see the backdoor URL is to do a Twitter Search with the appropriate keywords. Hmmm… blackhat SEO Twitter style anyone?