TweetFollow your way to infection

TweetFollow is an iPhone application available from http://www.b1te.com/tweetfollow/

 

Unfortunately for the application vendors though, tweetfollow.com (DON’T GO THERE) is also a domain that is hosting malicious JavaScripts that redirect the visitor to download malware.

 

In a textbook example of cybersquatting and trend surfing, these cybercriminals are banking on the popularity of both Twitter and the iPhone to maximise their infection rates. The site host a malicious JavaScript file which redirect the visitor and push malware down to their PC.

 

The JavaScript is called app_info_next_312.js and a quick search reveals almost 100 other servers hosting a JavaScript with the same name. Of course the name is meaningless in terms of detection and Trend Micro detect the malicious JavaScript (whatever name it goes under) as JS_IFRAME.AKK. The site distributing the malware is also blocked by the Smart Protection Network

 

Tweetfollow.com was registered on the 31st December 2008, and there appear to be 103 other websites hosted on the same server many of which contain similar malicious content. What is not yet clear is whether this server is a victim (of hacking) or a perpetrator, but what is clear is that you should avoid all links to this site for now.

3 thoughts on “TweetFollow your way to infection

  1. Pingback: Twitter followers fall foul of fake follows site | Naked Security

  2. Pingback: Fake Twitter Application Site Infects Your PC | ComputerFinance.net

Leave a Reply

Your email address will not be published. Required fields are marked *

*