Today we must warn all Twitter users to be careful with a new Blackhole malware attack. According to experts, it is spread through misleading tweets claiming that you are pictured in an online photo and offering to click the link and see it. Of course, there is no photo under this link which in reality leads victims to Russian websites additionally used to infect user’s computer with malware. According to Sophos, that’s Troj/JSRedir-HY, so be aware about this infection and do NOT fall for clicking the link.
These tweets that are actively spread on the Internet claim something like that:
@[Username] It’s you on photo? [Domain]/#[Username].html
@[Username] It’s about you? [Domain]/#[Username].html
and similar. However, you should note that these tweets are expected to be replaced by similar ones while trying to affect more Twitter users using the notorious Blackhole exploit kit. Experts claim that the script firstly redirects to an IP address, which additionally redirects to a .CU.CC domain found to be loading executable code and ending up on a .SU domain that contains the Blackhole exploit kit.
To sum up, we highly recommend to ignore all misleading tweets coming out of nowhere and claiming similar things like this. Be sure that at the end of this campaign misleading link is waiting for you. In order to be sure you are safe from such viruses like Blackhole malware, always keep your anti-virus and anti-spyware programs up-to-date.