Former New York City Mayor Rudy Giuliani is famous for making mistakes on TV, but it's Twitter mistakes that can infect your PC with malware.
The former presidential candidate and current pro bono personal attorney for President Donald Trump sometimes makes typos when posting web links on his Twitter page, which has over 650,000 followers. This past Saturday, February 16, he made three typos.
Scammers and pranksters register these confusing domain names for fun, and as Jerome Segura of Malwarebytes writes in a blog post today (February 19), two redirect to benign websites, while the third potentially lead to malicious browser extensions.
Saturday was not a good day for Rudy. He first posted a lengthy tweet calling financier George Soros "Republican enemy number one" and an anarchist. Giuliani urged his followers to "watchrudygiulianics.com on Wednesdays this week."
The problem is that Giuliani's personal website is "rudygiulianics.com"; there is no "watch" in the URL. However, someone has registered "watchrudygiulianics.com" and redirected them to the drug treatment website.
What was less appealing was the link Giuliani posted a few days later. In that case, he wrote "Rudy Giulianics.com," so only the last part linked to anything.
To my surprise, someone registered "Guilianics.com." When you click on that link, it tries to get you to install a very dubious browser extension that admits to changing your default search engine.
"It's not good for anyone to see a domain registered with Giuliani's tweets infected with malware," Segura told CNET.
Finally, Giuliani retweeted the fan's tweet and added a link to his website, minus the final "i."
Clicking on it redirected to a Wikipedia page about the Trump-Ukraine scandal, in which Giuliani plays a central role.
Segura, who briefly served as Trump's cybersecurity advisor, has become so well known for his digital gaffes that Giuliani has made at least two butt calls to reporters from his cell phone.
"It's not ideal for attackers because it's like relying on users to make typos, which only happens occasionally," Segura told CNET. In his case, "just looking at the last few days, there have been multiple occasions where he's created links incorrectly.
Comments