Twitter PDF exploit spam

As evidenced by these real-time results, various Twitter accounts have recently bombarded other users with a message saying “Wow, A marvelous Product” and containing a malicious link.

A click on the link will – according to Sunbelt – take you either to a page promoting a paid movie service, or to a URL (fqsmydkvsffz(dot)com/tre/vena(dot)html), where a specially crafted malicious PDF file will try to open and exploit different vulnerabilities in Adobe PDF Reader’s Javascript engine in order to execute malicious code on your computer.

The message has a few variants – the phrase/text can occasionally be any of the following: “Wow, An incredible Product”, “Wow, A shocking Discovery”, “Wow, A stunning Product”, “Wow, A Revolutionary Product”, “Wow, A fascinating Site”, “Watch This”, “I Just Cant Beleive This”, etc.

This is not the first instance when Twitter – or, for that matter, any other social network – has been misused by attackers, and it certainly won’t be the last. While we wait for the networks to find a way to block these kind of attacks, we can try to condition ourselves not to follow links in messages or emails from people unknown to us.