Cybercriminals switch to Tumblr and Pinterest
9th May 2012 | 09:31
Online scammers targeting new social media sites
The latest research by security business GFI Software has seen an increase in the use of new social media sites such as Twitter, Tumblr and Pinterest by online scammers in order to spread malware and spam surveys.
Christopher Boyd, senior threat researcher at GFI Software commented. "Established sites like Facebook and Twitter have long been a breeding ground for new cyber-attacks, but now we are seeing scammers taking an interest in the popularity of newer sites like Pinterest in order to catch victims off guard and trick them into clicking on something they shouldn't."
Twitter users were the quarry of cybercriminals looking to distribute fake antivirus applications during a particularly vicious spam run, which tweeted a link labelled "must-see" from numerous compromised accounts and spam-bots. Followers unlucky enough to click on the links were directed to a site infected with a fake antivirus program.
Once installed, the program constantly alerted users that their machine was infected and requested payment to clean up the system. The next day, additional links used the Blackhole exploit kit to infect victims' machines with malware before automatically sending them to a site that was hosting another scareware program called "Windows Antivirus Patch."
Twitter was also used as a platform to take advantage of users on Pinterest, a social networking site which is rapidly gaining popularity. A spam campaign using the account "Pinterestdep" claimed to be offering Visa gift cards to users willing to provide their opinions about Pinterest. Instead of being directed to a user feedback form, victims were sent to a site which required them to complete up to 11 reward offers and to refer three friends to do so as well.
Scammers also took advantage of Tumblr users who mistakenly entered "Tublr" into their web browser when attempting to access the popular micro-blogging site and redirected them to a message that claimed the victim had been selected as a "daily winner." Like the scam on Pinterest, the victim was then asked to fill out surveys or complete other offers in order to claim the prize.
In a rehash of a popular lure used previously on Facebook and MySpace, scammers tricked users into installing a fake application which promised to show them a list of people who had viewed their profile. The application did little more than tag the victim's friends in a spam image in order to spread the fake application among their network and serve them with surveys that generate affiliate cash for the scammer.