This one fooled me for a half second.
I got an email to my work account indicating that I had 3 delayed messages in my Twitter account. The social engineering technique is designed to get me to click on the link and redirect me to a spam site, and quite possibly infect my system with malware as part of either a drive-by download or “click here to install such-and-such” (I didn’t click on the link). Because the message looks like something Twitter might send (it looks a lot like Twitter), users could easily be tricked into going there. Because it came into my email account that I don’t have associated with Twitter, I was immediately on-guard. But I felt that emotional taking-down-of-my-guard when I saw that it was “from” Twitter.
The sending IP is coming out of Russia, but the site is hosted on a domain that ends in .com.ar. The A-record for this site is hosted on an IP address that belongs to a hosting company out of Florida.
Be aware. It’s a social engineering spoof, not a legitimate Twitter message.
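The checks described above (pull the sending IP from the earliest Received header, and compare the link domain with the domain the message claims to come from) as an added example that is not part of the original post; the message, host names and IP addresses are constructed, and the DNS and geolocation lookups are left to the analyst.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample modelled on the message in the post (not the real phish):
# From claims twitter.com, the link goes to an unrelated .com.ar host, and the
# earliest Received hop carries the sending IP (RFC 5737 documentation ranges).
SAMPLE = """\
Received: from mx.corp.test (mx.corp.test [198.51.100.7])
    by mail.corp.test; Tue, 1 Jan 2013 10:00:00 +0000
Received: from twitter.com (unknown [203.0.113.45])
    by mx.corp.test; Tue, 1 Jan 2013 09:59:58 +0000
From: Twitter <notify@twitter.com>
Subject: You have 3 delayed messages
Content-Type: text/plain

You have 3 delayed messages. View them here:
http://twitter-messages.example.com.ar/inbox?u=victim
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def originating_ip(raw):
    """IP of the earliest Received hop (hops are prepended, so it is listed last)."""
    msg = email.message_from_string(raw, policy=policy.default)
    for hop in reversed(msg.get_all("Received", [])):
        m = IP_RE.search(str(hop))
        if m:
            return m.group(1)
    return None

def claimed_sender_domain(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    m = re.search(r"@([\w.-]+)", str(msg.get("From", "")))
    return m.group(1).lower() if m else None

def suspicious_links(raw):
    """Link hosts that are neither the claimed sender domain nor a subdomain of it."""
    msg = email.message_from_string(raw, policy=policy.default)
    claimed = claimed_sender_domain(raw)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    hosts = [(urlparse(u).hostname or "").lower() for u in URL_RE.findall(body)]
    return [h for h in hosts if h != claimed and not h.endswith("." + claimed)]

if __name__ == "__main__":
    print("sending IP:", originating_ip(SAMPLE))
    print("claimed sender:", claimed_sender_domain(SAMPLE))
    print("links off-domain:", suspicious_links(SAMPLE))
```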
I have really enjoyed your blog; there are some excellent details against malware and spam which are really necessary. I would like to recommend to you and your readers Malwarebytes Anti-Malware. It is a free software application that allows you to clean your PC and protect it from malware. There is also a paid version with more advanced features if you like this software; it protects your computer nonstop from the moment it is turned on. You will find coupon codes shared by others here: http://news.dtcdeals.com/malwarebytes-coupon-code
This will hopefully keep your computer safe at all times, so if you or your readers decide to use it, spread the word so we can all remain safe and fight the malware. Thanks and keep up the excellent posts.
Just want to point out that Twitter recently signed up to using truedomain (http://www.truedomain.net/), so if you have a Fastmail account (http://www.fastmail.fm), emails appear with the Twitter logo next to them in the web interface. Makes spotting phishing emails a lot easier.
I wrote a summary of what truedomain are trying to do in the anti-phishing space here: