Social Engineering – Fake TwitterIM Download

Written by traversecode on . Posted in Social Engineering

Introduction:

Cyber criminals use many different ways to compromise users, and social engineering remains one of the most effective. It exploits people's trust to lure them into downloading a malicious file, which then steals their information or installs fake products. Even with antivirus software in place, some malware still escapes detection. The analysis below covers one such campaign that uses Twitter as the social-engineering hook.

Analysis:

I was surprised when I received a mail from Google Groups. The reason for the surprise was that it announced the release of an open-source Twitter IM client. The mail described the features of Twitter IM and provided a link to download it.

[Image: the Twitter IM mail]

The moment I was about to click on the link, I felt the link was suspicious, so I decided to open it in a virtual environment.

Yup, what I suspected was correct. It opened the usual Flash page that claims to require a Video ActiveX Object. But this Flash page was not like the usual fake YouTube page: it resembled Windows Media Player asking for a codec to stream the video.

[Image: the fake ActiveX / codec prompt]

After some time I contacted the same URL “hxxp://abcde.com/twitterimdownload” to check whether the domain was still active. This time it again displayed a Flash page, but with a different theme from the previous one.

[Image: the second Flash page]

This page again downloaded the same file, “install.exe”, from the remote server. Only three antivirus engines on VirusTotal detected the file; all the others missed it.

VirusTotal results: http://www.virustotal.com/analisis/aabf30f0630f8b42c0d0cec6b24823be6bd2fdbfcc0fdf6a1ad8385d5c67a53e-1264792209
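The lure described above has a recognisable shape: a page that talks about a missing codec, ActiveX object or media player, plus a link or object tag pointing at an executable, often on a different host. The following script is an added example written for this post, not code from the original author. It refangs the defanged URL, statically triages a page for that pattern, hashes the dropped binary and pulls the SHA-256 out of an old-style VirusTotal report URL so the two can be compared. The sample HTML and the bytes standing in for install.exe are constructed here; the page URL, the file name and the VirusTotal link are the ones quoted in the post, and the host cdn.example is an assumed second host.

```python
"""Static triage of a fake-codec / fake-ActiveX lure page.

Added example, not code from the original post. SAMPLE_HTML, BENIGN_HTML
and SAMPLE_BINARY are constructed; cdn.example is an assumed host.
"""
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Phrases that typically appear in fake-codec / fake-player lure pages.
LURE_KEYWORDS = ("codec", "activex", "video activex object", "media player", "plugin")
EXECUTABLE_EXTENSIONS = (".exe", ".msi", ".scr", ".com", ".pif")

# Indicators quoted in the post (defanged URL and VirusTotal report link).
PAGE_URL = "hxxp://abcde.com/twitterimdownload"
VT_URL = ("http://www.virustotal.com/analisis/"
          "aabf30f0630f8b42c0d0cec6b24823be6bd2fdbfcc0fdf6a1ad8385d5c67a53e-1264792209")

# Constructed stand-in for the lure page; cdn.example is an assumed host.
SAMPLE_HTML = """<html><body>
<div class="player">
  <p>Windows Media Player cannot play this video.</p>
  <p>Please install the Video ActiveX Object codec to continue.</p>
  <object codebase="http://cdn.example/install.exe"></object>
  <a href="/twitterimdownload/install.exe">Download codec</a>
</div>
</body></html>"""

# Constructed page that mentions a player but links to nothing executable.
BENIGN_HTML = "<html><body><p>Open this in your media player.</p><a href='/help.html'>Help</a></body></html>"

# Constructed bytes standing in for install.exe (not the real sample).
SAMPLE_BINARY = b"MZ" + b"\x00" * 62 + b"constructed stand-in for install.exe"


def refang(url):
    """Turn a defanged indicator ("hxxp://", "[.]", "[:]") back into a real URL."""
    url = re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".").replace("[:]", ":")


class _LurePageParser(HTMLParser):
    """Collect every link-like attribute and all visible text from a page."""

    def __init__(self):
        super().__init__()
        self.targets = []
        self.text_chunks = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for key in ("href", "src", "codebase", "data"):
            if attrs.get(key):
                self.targets.append(attrs[key])

    def handle_data(self, data):
        self.text_chunks.append(data)


def triage_page(page_url, html):
    """Flag a page as a codec/ActiveX lure when it pairs lure wording with an executable download."""
    parser = _LurePageParser()
    parser.feed(html)
    page_url = refang(page_url)
    page_host = urlparse(page_url).netloc.lower()
    text = " ".join(parser.text_chunks).lower()
    keywords = [k for k in LURE_KEYWORDS if k in text]
    downloads = []
    for target in parser.targets:
        absolute = urljoin(page_url, target)          # resolve relative links against the page
        parsed = urlparse(absolute)
        if parsed.path.lower().endswith(EXECUTABLE_EXTENSIONS):
            downloads.append({"url": absolute,
                              "off_host": parsed.netloc.lower() != page_host})
    return {"keywords": keywords,
            "downloads": downloads,
            "suspicious": bool(keywords) and bool(downloads)}


def sha256_hex(data):
    """SHA-256 of a downloaded file, the identifier VirusTotal keys its reports on."""
    return hashlib.sha256(data).hexdigest()


def vt_sha256_from_url(vt_url):
    """Extract the SHA-256 from an old-style VirusTotal report URL (.../analisis/<sha256>-<time>)."""
    match = re.search(r"/analisis/([0-9a-f]{64})-\d+", vt_url)
    return match.group(1) if match else None


if __name__ == "__main__":
    report = triage_page(PAGE_URL, SAMPLE_HTML)
    print("lure keywords:", report["keywords"])
    for d in report["downloads"]:
        print("executable download:", d["url"], "(off-host)" if d["off_host"] else "")
    print("suspicious:", report["suspicious"])
    print("local sha256:", sha256_hex(SAMPLE_BINARY))
    print("VT report sha256:", vt_sha256_from_url(VT_URL))
```

The off_host flag is worth keeping separate from the verdict: a lure that serves install.exe from its own domain is still a lure, but an executable pulled from a second host is the case where blocking the landing page alone leaves the payload reachable. Comparing the local SHA-256 against the one in the report URL is how you confirm that what you sandboxed is the same sample VirusTotal scored, rather than a rotated payload from the same URL.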

Conclusion:

Cyber criminals are targeting social networking sites, or borrowing their names, for this kind of activity because social networking sites have far more users than most other sites. Moreover, many people who use social networking sites are not very technical, which is a great advantage for cyber criminals. Let's be aware of such social engineering.


Comments (10)

  • rajiv

    Hi Shiva…

    Your findings are always very helpful…

  • Mystery !!

    I have the code for the Orkut hack, which is widespread now. It's a simple JavaScript.

  • Daniel

    Shiva thanks!! You help us a great deal!!

    In other words thanks Hrithik ;)

    • Shiv - Threat Research Analyst

      Hey thanks Danny. Do forward these to your friends, let's create awareness together. Nice to see your comment.

  • Lakshmi

    This is awesome, very well explained, thanks Shiv :)

  • Raj

    Hey!
    The info is based on active observation from your side. That's perfectly great, but it would be good if we could get to know much more about the internals of it.
    Keep up the good work!

    • Shiv - Threat Research Analyst

      In the “Chase Bank Phishing scam Mail” post I even hacked into the web server to get the PHP code which emails the stolen information to the hacker. But in this post I did not concentrate much on internals. I'll work more on internals in my future posts. Thanks for the feedback Raj.
