OFFICIAL SECURITY BLOG
April 17, 2014 | BY Christopher Boyd
It looks like someone took a compromised Twitter feed and turned it into a fake CNN account, which was peddling weight loss spam:
Note the profile URL: on the profile itself, underneath the “Breaking News” image, it reads as “CNN Hotline”, but the spelling on the actual account has a capital “I” where the “L” should be.
Scammers will often try to fool potential victims with almost-but-not-quite usernames in exactly the same way they would with fake banking pages, so always be on the lookout for that old but effective trick. The Twitter feed in question has had the spammy links removed, though it still claims to be CNN.
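The capital-“I”-for-“L” swap can be caught mechanically by folding look-alike characters to one form before comparing names. The sketch below is an added example, not code from this post or from Malwarebytes; the handles are constructed for illustration (the post does not give the real account name), and the confusable map is a small hand-picked subset that also covers a few swaps beyond the one described here.

```python
# Added example: flag handles that *render* like a protected handle but are
# a different account. All handles below are constructed samples.

# Single characters that look alike in common sans-serif fonts (small subset,
# not the full Unicode confusables table).
CONFUSABLE = {"I": "l", "1": "l", "0": "o", "O": "o"}
# Character pairs that read as one letter at a glance.
MULTI = {"rn": "m", "vv": "w"}

def skeleton(handle: str) -> str:
    """Reduce a handle, as displayed, to its visual 'skeleton'."""
    # Fold confusables BEFORE lowercasing, so capital I becomes l rather than i.
    folded = "".join(CONFUSABLE.get(ch, ch) for ch in handle).lower()
    for seq, rep in MULTI.items():
        folded = folded.replace(seq, rep)
    return folded

def find_lookalikes(candidates, protected):
    """Return (candidate, official) pairs that look the same but are not the same account."""
    index = {skeleton(p): p for p in protected}
    hits = []
    for cand in candidates:
        official = index.get(skeleton(cand))
        # Handles are case-insensitive, so a pure case difference is the real account.
        if official and cand.casefold() != official.casefold():
            hits.append((cand, official))
    return hits

# Constructed inputs: one official handle and several names seen in a feed.
PROTECTED = ["CNNHotline"]
CANDIDATES = ["cnnhotline", "CNNHotIine", "CNNH0tline", "CNNHeadlines"]

if __name__ == "__main__":
    for cand, official in find_lookalikes(CANDIDATES, PROTECTED):
        print(f"{cand!r} imitates {official!r}")
```

The comparison works on the name as displayed, so feed it the handle exactly as shown on the profile rather than a lowercased copy.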
As for the shortened Goo.gl link, it leads to the below site offering up a “free trial offer for readers”:
Weirdly, clicking the link near the bottom of the page which said “Click Here To Get A Free Bottle Of Green Coffee Bean Extract” took me to something else altogether – an iLivid installer prompt:
Users of Malwarebytes Anti-Malware will find we detect the above as PUP.Optional.Bandoo, and the VirusTotal score for that is 6 / 50.
Always look for the verified badge on a Twitter profile if it claims to be a popular news station, TV show, musician or anything else. While a verified account can still be hijacked to send spam, it’s probably at least a good idea to be looking at an official profile if and when fur starts to fly.
Let’s not make it easy for the scammers by using any old profile as the jump-off point for dubious link clicking – look how many retweets one of the diet links received from people who likely thought it was a real CNN account before it was taken down:
To coin a phrase: whoops.