Saturday, April 2, 2011

Update on the Lizamoon TweetLister tweets

 Yesterday in our blog post about Lizamoon I shared that the social app TweetLister had tweets spreading links that lead to the Lizamoon attack. Well it seems the app is still spreading some bad tweets under a different url. When I first posted about that yesterday not many other reports were out about it spreading through twitter but they are starting to come out now.

 A report from stopmalvertising  has came out today shows that the TweetLister app continues to spread links to the Lizamoon sites. For those of you who have not read about the attack I highly recommend you read my previous article here for Lizamoon info: SQL Attack Info.

 TweetLister is now spreading the attack domain Books-Loader, which seems to have been registered on January 18th 2011 so its still a pretty new domain. Doing a URL scan with a great tool called Urlvoid it seems that a couple of services detect it as malware at the moment. While doing a VirusTotal scan on the domain it says Google Safe Browsing, G-Data, and Firefoxes webshield should block the attack. You can see the VirusTotal results here: VT Results

 For anyone using TweetLister I highly recommend you watch out for the malicious links that you may start spreading. For twitter users that follow a person that uses TweetLister I highly recommend you watch out for the LizaMoon links that may go through your feed. If you know a way I recommend contacting the sales agents that you see spreading the Lizamoon links informing them that they should remove the bad posts and watch for more being posted to help prevent others from becoming infected.

 For those of you who would like to see where the links are spreading I will recommend checking out this twitter search but if you do DO NOT click on any of the links, because you may get infected if you do.

No comments:

Post a Comment