Here we go again! Since just over a week ago, many Acai Berry tweets have been sent throughout Twitter from bogus accounts. These Twitter messages promote a free trial of an acai berry dietary supplement. Security experts say that social-networking spam is particularly effective because it can’t be filtered at the corporate firewall and appears to come from a friend of the recipient.

These messages aren’t coming from friends you may know, as these accounts were hacked. The dietary supplement is being spread not only by hacked accounts, but also by new squatted accounts created months ago. This strategy allows the spammer to build up followers before attempting their trickery.

The shortened links can fool anyone into believing they’re legitimate, but think again. The links go to websites that are full of Malware.

Here are some facts about Malware infected sites:

Web-based Malware more likely to be found on older domains

The common assumption that most web-based Malware resides on less reputable websites, perhaps touting adult content, was called into question when MessageLabs Intelligence identified that cybercriminals appear to be more likely to hide malicious content on older, well-established domains that have perhaps been compromised, or on which Malware is being hosted in breach of their terms of use. The latter is typical of domains connected with social networking environments, which provide mainly user-generated content.

MessageLabs Intelligence data from the week of 5 May 2009 revealed that:

  • 84.6% of website domains blocked for hosting malicious content are well-established domains that are over a year old
  • 15.4% of domains blocked are domains that are less than a year old
  • 10.2% are domains that are less than a month old
  • And 3.1% are domains that are less than a week old

Older domains are almost certainly more likely to be well-established and more reputable, and the likelihood that they are legitimate sites that have been compromised in some way is increased.

Domains that are only a week old or less and implicated in hosting Malware are more likely to be temporary sites set up with the sole purpose of distributing Malware or spam, such as in the numerous domains that exist solely to distribute rogue anti-spyware or anti-Malware products.

Very new sites are often found to be used by affiliates, in order to redirect visitors to another site. This helps to ensure that they receive payment for any click-thrus that their sites generate, but sometimes they will include drive-by attacks, using hidden HTML IFRAME exploits, for example.

Be extra careful before clicking on any link on any of the social networks.