I have been getting a lot of twitter malware links tonight that uses a pretty simple browser based exploit that is easily caught by just about any anti-virus. But tonight malware links are making the rounds, and unfortunately they are going everywhere. So far have about 3 accounts I follow in the comic book community sending malware shortened links right now as direct messages.
Malware is nothing new, but the annoyance factor is there, don’t click that link. I’ll try to do an analysis of the data, but the shortened link points to twitterjr.com (don’t go there). The server resets when accessing (if you do go there use a virtual machine), then downloads the payload. It looks like it is multi-stage, so not just from Twitterjr, it probably goes deeper than that.
The shortened link ez.cm is registered in Cameroon, but held through ENOM in the USA, so it is probably just a front for a deeper DNS issue.
Keeps things interesting.
Related articles
- New Malware Hides From Anti-Virus Software In Your BIOS [News] (makeuseof.com)
- Security firms: Android malware set to skyrocket (go.theregister.com)
- Windows 8 to have built-in anti-virus – there’s good and bad news (nakedsecurity.sophos.com)
