Huge Twitter spam campaign for fake antivirus discovered

Kasperksy today discovered a new spam campaign on Twitter pushing fake antivirus software. Since it is still ongoing, the numbers for it are likely much higher than what the security firm first reported: 540 compromised Twitter accounts sent out 4148 tweets, linking to a total of 44 unique domains (most of them hosted on .tk and .tw1.su).

A quick search on Twitter shows that the scam is still rampant. Here are a handful of tweets I saw while writing this article, to give you an idea of what the spam looks like:

@[real Twitter user] ” mystical ” [link] proven anti-virus

@[real Twitter user] ” commercial ” [link] proven anti-virus

@[real Twitter user] ” crisco ” [link] proven anti-virus

@[real Twitter user] ” banc ” [link] proven anti-virus

@[real Twitter user] ” meow ” [link] proven anti-virus

The compromised accounts spammed up to 8 messages per second, with links sending users to the infamous BlackHole exploit kit (see links below). As you can see in the screenshot above, if you click one of these links, you’re prompted with the following bogus warning: “Windows Antivirus 2012 has found critical process activity on your PC and will perform fast scan of system files!”