Sep 25 2012
 

I’m not the only one to be getting these spammy direct messages on Twitter that lead to bogus Facebook links. Apparently a lot of people have been complaining of these messages, according to Sophos analyst Graham Cluley, who wrote about it on the Naked Security blog.

Different variations of the direct messages include, “your in this [link] lol” and “lol ur famous now [link]” (I got this one too).

Of course, I didn’t click on the link. However, according to Cluley, people who do click are led to a video player that says, “An update to Youtube player is needed.” Users are asked to download a file supposedly called “FlashPlayerV10.1.57.108.exe,” but Sophos antivirus products detect it as Troj/Mdrop-EML, which is a backdoor Trojan that can copy itself to accessible drives and network shares.

A Slate reporter wrote that he clicked on the bogus link and was directed to Facebook, where he was told he had to log in to access an app. It’s unclear if this link also contained some sort of virus, Trojan, or malware.

MORE: Twitter users may be victims of direct message malware | Security & Privacy – CNET News.