Posted by Virus Bulletin on Oct 11, 2011
Tweet promising conference news links to trojan.
A tweet using the #vb2011 hashtag, which was used in numerous tweets referring to last week's VB2011 conference, contained a link spreading malware, according to researchers at BitDefender.
The link used a URL-shortening service to download a file named VB2011.exe, which, once executed, injected a Windows process and downloaded an installer. The victim would end up with adware, gameware and adult content opened in a web browser, as well as desktop shortcuts to such sites.
The abuse of hashtags by those with malicious intent is not an uncommon phenomenon and cybercriminals are known to automatically add popular hashtags to their tweets. They use Twitter's list of 'trending' topics to find out which topics and hashtags are the most popular at the time.
The tweet has now been taken offline, but it appears that this was manual work, possibly by someone who holds a grudge against the security industry. Usually malware authors try hard to prevent their links from being opened by security professionals, as this increases the likeliness of detection.
Because Twitter is an open platform where no entity 'owns' hashtags, there is nothing Virus Bulletin could have done about this, nor is Virus Bulletin in any way responsible for the tweet. It does, however, show an important lesson for Twitter users: that they should be cautious when clicking links in tweets; even if these links seem related to a trusted security event or organization.