New Malware Campaign Spreads Fake Twitter and Facebook Messages about Obama and Racism, According to PandaLabs

 New Malware Campaign Spreads Fake Twitter and Facebook Messages about Obama
                      and Racism, According to PandaLabs

- Fake direct messages on Twitter include a Facebook link to a supposed video
of President Obama punching a man; scam causes users to download Koobface.LP

PR Newswire

ORLANDO, Fla., Nov. 13, 2012

ORLANDO, Fla., Nov. 13, 2012 /PRNewswire/ -- PandaLabs, Panda Security's
anti-malware laboratory, has detected a new Twitter spam campaign that may
compromise user security. Users receive a direct message on Twitter, which
contains the text "Check out Obama punch a guy in the face for calling him a
n*****," and a malicious link to a fake Facebook page. Click here for a
screenshot of this message:

If the user clicks the link, they are taken to a bogus Facebook page where
they are prompted to submit their Twitter log-in details. However, if the user
enters their credentials, the malware will hijack their account in order to
send the same malicious message to all of their contacts:

The user is then taken to a website that displays a fake YouTube video set
against a fake Facebook background. This time, the victim is asked to update a
'YouTube player' to watch the video: As
typical with this type of scam, if the user clicks on the 'Install' button,
the Koobface.LP worm is downloaded, infecting their computers and attempting
to steal all their personal data.

"This attack exploits the two most popular social networking sites, Facebook
and Twitter, to trick users into believing they are viewing a trusted site,"
said Luis Corrons, technical director of PandaLabs. "It also relies on its
victims' curiosity by using a scandalous story involving U.S. President Obama
and racism. Cyber-criminals know people are curious by nature and take
advantage of this to trick users and infect them with their creations."

Twitter Direct Messages, Yet Another Technique to Spread Malware Infections

This is just the latest example of a cyber-scam that uses Twitter direct
messages to spread. Users' accounts receive dozens of them every day with
malicious links and enticing messages such as, "What exactly do you think
you're doing on this video clip", "Hello this guy is saying bad rumors about
u...," and "Did you see this pic of you?", etc.

"Never, ever, click the links within the text of those messages as they could
infect your computer," explained Corrons. "Every time you receive a direct
message you should check with the sender that they have knowingly sent it to
you. Make sure it has not been automatically forwarded to you from a hacked
account. As a general rule, always keep your antivirus software up to date and
be wary of messages offering sensational videos or unusual stories as, in 99
percent of cases they are designed to compromise user security."

About PandaLabs

Since 1990, PandaLabs, Panda Security's malware research laboratory, has been
working to detect and classify malware in order to protect consumers and
companies against new Internet threats. To do so, PandaLabs uses Collective
Intelligence, a cloud-based proprietary system that leverages the knowledge
gathered from Panda's user community to automatically detect, analyze and
classify the more than 73,000 new malware strains that appear every day. This
automated malware classification is complemented through the work of an
international team with researchers specialized each in a specific type of
malware (viruses, worms, Trojans, spyware and other attacks) to provide global
coverage. Get more information about PandaLabs and subscribe to its blog news
feed at Follow Panda on Twitter at and Facebook at

SOURCE Panda Security

Contact: Jeana Tahnk, On behalf of Panda Security,
Press spacebar to pause and continue. Press esc to stop.