Update (June 24): The issue continues and the attackers have switched their URLs to innocuous-looking Bloglines URLs containing the word "twitterbest".



—

Web security company Panda Security contacted us today to warn that malware links have started to invade Twitter's Trending Topics.



Scammers are targeting the service, they say, by creating fake Tweets that include the name of a trending topic. The idea is that you'll search for a topic to find out what it means, and accidentally click through to the malware sites.



Beware "Twitterbest" and "Zasaden" in Twitter Search



The most common rogue links point to "Twitterbest [dot] mp" and "Zasaden [dot] mp"; do not visit either site. The URLs usually contain some pornographic phrase, which makes the sites obvious scams, but with the sheer volume of links being distributed it would be extremely easy to run a Twitter search and click one by accident.







Once you click the link:



1. You'll be taken to a page that prompts you to "upgrade your Flash player" or similar.



2. If you agree to this download, the software installs itself.



3. You receive error messages saying you have a virus and need to download a fake antivirus program they call "Fast Anti-Virus 2009". This is the end goal of the scam: to get you to pay $89 for the fake anti-virus software.



You can avoid these scams by being cautious of links in Twitter search that look like those above. More generally, it's smart to avoid downloading software from unknown sites.
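For anyone filtering search results automatically, the indicators above can be turned into a simple check. This is an added example, not code from Panda Security or the original article: it flags tweets that combine a trending-topic name with a link to one of the two named domains, or with a URL containing "twitterbest" as in the June 24 update. The function names, topic names, tweet text and URL paths are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators named in the article (it writes them defanged, with "[dot]").
ROGUE_DOMAINS = {"twitterbest.mp", "zasaden.mp"}
# June 24 update: links moved to Bloglines URLs containing this word.
ROGUE_KEYWORDS = {"twitterbest"}
URL_RE = re.compile(r"(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def refang(text):
    """Undo defanging: 'zasaden [dot] mp' -> 'zasaden.mp'."""
    return re.sub(r"\s*[\[(]\s*dot\s*[\])]\s*", ".", text, flags=re.I)

def rogue_links(tweet):
    """Return (url, reason) pairs for links matching the indicators."""
    hits = []
    for m in URL_RE.finditer(refang(tweet)):
        url = m.group(0).rstrip(".,!?)")
        parts = urlsplit(url if "://" in url else "http://" + url)
        host = (parts.hostname or "").lower()
        # Exact domain or a subdomain of it; a lookalike suffix does not count.
        if any(host == d or host.endswith("." + d) for d in ROGUE_DOMAINS):
            hits.append((url, "domain"))
        elif any(k in url.lower() for k in ROGUE_KEYWORDS):
            hits.append((url, "keyword"))
    return hits

def flag_tweets(tweets, trending):
    """Flag tweets that pair a trending-topic name with a rogue link."""
    flagged = []
    for tweet in tweets:
        topics = [t for t in trending if t.lower() in tweet.lower()]
        links = rogue_links(tweet)
        if topics and links:
            flagged.append({"tweet": tweet, "topics": topics, "links": links})
    return flagged

# Constructed sample data: topic names, tweet text and URL paths are made up.
TRENDING = ["SampleTopic", "OtherTopic"]
SAMPLE_TWEETS = [
    "SampleTopic video here http://twitterbest.mp/placeholder-path",
    "OtherTopic leaked clip zasaden [dot] mp/placeholder",
    "SampleTopic http://www.bloglines.com/blog/twitterbest-placeholder",
    "SampleTopic coverage at http://example.com/news",
    "OtherTopic see http://notzasaden.mp/x",
]

if __name__ == "__main__":
    print(*flag_tweets(SAMPLE_TWEETS, TRENDING), sep="\n")
```

The keyword rule is deliberately broad, so it will also flag legitimate pages that merely mention the word; treat a "keyword" hit as a prompt for review rather than a verdict.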



The Twitter Trending Topics Scam in Pictures



Here's the full process of the scam, and screenshots of each stage supplied by Panda Security.



Step 1: Malicious Tweets and Links in Twitter Search









Step 2: Prompt to Download Flash or Other Video Software







Step 3: Virus Warnings and Prompt to Buy Anti-Virus Software



