There is a spam campaign going on on Twitter that promotes the Blackhole exploit kit or fake antivirus programs. The messages read “young girls are waiting” or similar. Sure, these messages look spammy as hell, but some people click on them and land on fake online scanner pages. Such pages resemble an MS Windows Explorer window and impersonate a security scan that recommends downloading a fix for the malware it claims to have detected. You can be sure that downloading such software will install a rogue AV on your PC.

The most aggressive rogue distributed this way is Smart Fortress 2012. It kills almost every process, though you can still delete it with anti-malware programs if you rename them to .com before launching them. A video of the removal process is below. For a couple of alternative ways to uninstall Smart Fortress, visit the guide page on 2-viruses.com.

Other rogues distributed by such scanners belong to the FakeVimes family. These rogues change their names daily and are relatively easy to remove. The bigger issue is fixing the registry, which is left seriously messed up. They also disable the majority of antivirus and anti-malware programs.

Sometimes infected Twitter messages lead to pages pushing ZeroAccess or another rootkit. These parasites are installed through exploits, and they are far more stealthy than rogue AV.

I recommend being cautious when using Twitter and not clicking on such out-of-context messages.

Update
Another version of this scam pushes antivirus check pages directly. The messages redirect users to .tk domains with phrases like “online viruscheck”, “excelent anti-virus” and so on.


Giedrius Majauskas

I am an internet company owner and project manager living in Lithuania. I am interested in computer security, health and technology topics.
