Yesterday I spotted an interesting Twitter scam/spam campaign. I have reported this incident to Twitter. Most of the malicious links are already blocked.
- Compromised Twitter accounts posted tweets with innocent looking links (otherwise the tweet content is suspicious)
- Large number of hacked websites are used
- Main target: stealth attraction online video training for “only” $69.95 – with a manly promise: “Just watch the videos, apply the methods, and [redacted] the [beep] out of any girl you want.”
If you click on a malicious link, you will be redirected to bonusim.ru website. If you do, just leave the site.
- Hey @follower power over women. And pretty much allows you to [link]
- Hi Just say the magic words….[link] @follower
- Hi [link] @follower seduction system truly is.
- [link] @follower This video gets you laid?
- Hi be behind a pay-wall to keep the prying eyes out. [link] @follower
The links are interesting: they are pointing to websites that don’t seem to have anything to do with the subject matter. All websites have at least one randomly named directory, which contains a small index.html file:
urlQuery shows what happens if you click on the malicious link:
Link to the urlQuery report: http://urlquery.net/report.php?id=1405064677113
Here is the landing page with more macho content. You don’t actually have to click on “the men click here” link: the annoying (controversial) video starts automatically.
Technical check of the domains revealed the following:
- Majority of the domain names are old co.uk addresses
- All domains are hosted by Freeparking
- All domains are hosted on a IIS 6.0 server
It is likely that most, if not all, of the websites are hacked. Possibly using a single, easy to exploit vulnerability.
I hope that the hosting company notifies the affected site owners. Perhaps the hoster will be able to check how these sites were hacked and help to prevent any further misuse. If you know the hosting company or any affected website owner, please notify them.
If your Twitter account is hacked or compromised, please read this article: https://support.twitter.com/articles/185703-my-account-has-been-hacked
If your friend is posting malicious links, do her/him a favor and report the account as compromised: