Enthusiastic Twitter users are being taken on an unexpected and unpleasant ride by a Goo.gl fake antivirus application. The shortened Goo.gl URL lures unsuspecting victims with an offer for antivirus software that they believe will eradicate viruses that are allegedly infecting their computers. The Goo.gl fake antivirus link opens the door to this invasive and malicious worm.
Once a Twitter user clicks on the Goo.gl link, they are unwittingly taken to a site where they are prompted to download security shield software for antivirus protection. Twitter users are mistakenly led to believe that a virus is attacking their computers, and this, quite understandably, instills fear in the user that can lead to rash action. Encouraged by this fearful mindset, they click on the fake Goo.gl URL and unknowingly download the rogue software that is fraught with malicious code.
Perpetrators of these types of attacks have become proficient in using legitimate techniques such as condensing a long link to produce a short URL, which they then use to hide malicious code behind the abbreviated link. This is not a new technique, and it is not that challenging for technologically savvy hackers to execute. The creation of a shortened URL such as the fake Goo.gl antivirus link allows the perpetrators to easily access sites such as Twitter, which limits its users’ messages to 140 characters, requiring the use of URL shortening to share links with other Twitter users.
McAfee Labs principal researcher Adam Wosotowsky offers some further insight into the abuse of shortened URLs such as the Goo.gl fake antivirus link for malicious purposes. As Wosotowsky states, “Shortened URL sites are not one-hundred percent malicious, so blocking the domain completely can cause false positives, which is something researchers try to avoid. Goo.gl is an example of a site associated with Google, so blocking the domain may be frowned upon by Google, allowing the spammer to continually abuse the site.” In addition, Wosotowsky explained that in the case of the Goo.gl fake antivirus link, “The attack was most likely a Trojan that began by Twitter phishing, possibly by a social media worm like Koobface.”
Individuals with compromised Twitter accounts are noticing tweets they did not author showing up on their feeds. Furthermore, instead of containing a message, the tweet usually shows up only as the Goo.gl fake antivirus software link with a URL that ends with the characters: “m28sx.html.”
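The false-positive concern Wosotowsky raises and the tweet pattern described above can be compared directly. The following is an added example, not code from the article or from McAfee: it contrasts a blanket block on the shortener domain with a match on link-only tweets whose URL ends in “m28sx.html”. The sample tweets, hosts, field names and function names are constructed, and it assumes the expanded destination of each short link has already been resolved upstream.

```python
import re
from urllib.parse import urlsplit

SHORTENER_HOST = "goo.gl"
LANDING_SUFFIX = "m28sx.html"  # URL ending reported in the article
URL_RE = re.compile(r"https?://\S+")

# Constructed sample data. "expanded" is assumed to come from an upstream
# link expander, so the example runs without network access.
SAMPLE_TWEETS = [
    {"user": "alice", "text": "http://goo.gl/aaaa1",
     "expanded": "http://example.invalid/m28sx.html"},
    {"user": "bob", "text": "Slides from my talk: http://goo.gl/bbbb2",
     "expanded": "https://example.org/slides.pdf"},
    {"user": "carol", "text": "http://goo.gl/cccc3",
     "expanded": "https://example.org/photos/index.html"},
    {"user": "dave", "text": "http://goo.gl/dddd4",
     "expanded": "http://example.invalid/x/m28sx.html?id=7"},
]

def uses_shortener(text):
    """True if any URL in the tweet is hosted on the shortener."""
    return any(urlsplit(u).hostname == SHORTENER_HOST
               for u in URL_RE.findall(text))

def is_link_only(text):
    """True if the tweet is a bare URL with no accompanying message."""
    return URL_RE.fullmatch(text.strip()) is not None

def ends_with_suffix(url):
    """Compare the path only, so query strings do not hide the ending."""
    return urlsplit(url).path.lower().endswith(LANDING_SUFFIX)

def domain_block(tweets):
    """Blanket rule: flag every tweet that uses the shortener."""
    return [t["user"] for t in tweets if uses_shortener(t["text"])]

def targeted_match(tweets):
    """Narrow rule: link-only shortener tweet whose URL has the ending."""
    hits = []
    for t in tweets:
        text = t["text"]
        if uses_shortener(text) and is_link_only(text):
            if ends_with_suffix(text.strip()) or ends_with_suffix(t["expanded"]):
                hits.append(t["user"])
    return hits

if __name__ == "__main__":
    print("domain block flags:", domain_block(SAMPLE_TWEETS))
    print("targeted match flags:", targeted_match(SAMPLE_TWEETS))
```

On the constructed sample, the domain-wide rule flags all four accounts, including the two sharing ordinary links, while the narrow rule flags only the two whose links lead to the reported ending.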
The fact that there have been attacks on compromised Twitter accounts would suggest that account holders' usernames and passwords might have been stolen or otherwise used by hackers using some method for obtaining unauthorized access. Other affected Twitter users might still be oblivious to the Goo.gl fake antivirus site and the ramifications involved when they unknowingly download malicious code, thinking instead that they are protecting their computers with legitimate antivirus software. It would seem prudent for those users who have already discovered that their Twitter accounts have been compromised to change their passwords immediately to prevent any further attacks while Twitter searches for a solution to the problem.
At TopTenREVIEWS We Do the Research So You Don't Have To.™