No: it isn’t you, it’s Twitter malware

A malware attack is currently spreading across Twitter, claiming to link to an online photo of the recipient.

The tweets read: “It’s you on photo?” or “It’s about you?”, followed by a link to a Russian web page that attempts to infect Windows PCs using the Blackhole exploit kit.

Users are being wanrned to stay alert, though, as the wording used in the tweets could change at any time.

“If you see tweets like this, please do not click on them,” says Graham Cluley, senior technology consultant at Sophos.

“There isn’t a photo of you waiting at the end of the link – and the accounts that are spreading the messages have either been compromised by hackers or have been created by hackers with the purpose of spreading the dangerous links.”

Sophos says it’s detected the malware at the end of the link as Troj/JSRedir-HY, a Dean Edwards multiply-packed JavaScript.

The script redirects to an IP address that itself redirects to a .CU.CC domain, to load executable code, with the victim ultimately ending up on a .SU domain that contains the Blackhole exploit kit.

The tweets are, apparently, going out in their thousands.

“There’s a real danger that if Twitter users have not properly protected their PCs, and unless they are warned of the risk, that many people will click on the links without suspecting that they are putting their computer and personal data at risk,” says Clueley.