Twitter scareware wave
Yesterday (Thursday), an apparently large number of links leading to scareware sites were spread via Twitter. The page links were disguised using short URLs from goo.gl and advertised as "Cool", "Very Nice" or "Google's search page has done it again" in varying tweets by different users.
Clicking on the link transferred users to a web site that pretended to find numerous viruses after performing a bogus scan on a Windows PC. According to the Internet Storm Center (ISC), one of the files offered to solve the alleged problem contained the SecurityShieldFraud scareware. Once installed, the malware contacted other servers; no further functional details have so far become available. It remains unknown how many Windows users have fallen victim to the attack.
Whether the attackers used hacked accounts or stolen access data to send out the links via Twitter, or exploited existing Twitter accounts on infected PCs, is yet unclear. All scareware sites discovered in connection with this attack have now been shut down.