The worm uses the shortened link to take unsuspecting users to a site which offers the download for "Security Shield."
As with most malware, the "anti-virus protection" is really malicious code.
Writes Sophos security:
If you make the mistake of clicking on one of the malicious goo.gl links you are ultimately taken to a website which attempts to scare you into believing that you have a virus problem on your computer. You are then frightened into installing malicious code on your PC, and asked to pay money to disinfect your systems.
Twitter itself gives some standard advice, asking users to be more cautious when clicking shortened links:
In general, please use caution when clicking on links. If you click on a link and find yourself unexpectedly on a page that resembles the Twitter login page, don't give up your username and password! Just type in Twitter.com into your browser bar and log in directly from the Twitter homepage.
Written by: Andre Yoskowitz @ 23 Jan 2011 2:43
