Former New York City Mayor Rudy Giuliani is famous for making mistakes on TV, but it's his mistakes on Twitter that might infect your PC with malware.
The former presidential candidate, now serving pro bono as President Donald Trump's personal attorney, sometimes makes typos when he posts web links on his Twitter feed, which has more than 650,000 followers. This past Saturday (Feb. 16), he made three.
Crooks and pranksters have registered those mangled domain names and had fun with them. Two redirect to benign websites, but the third leads to a potentially malicious browser extension, as Malwarebytes' Jerome Segura wrote in a blog post today (Feb. 19).
Saturday just wasn't a good day for Rudy. He began by posting a long tweet calling financier George Soros "enemy number one of the Republican Party" and an "anarchist." Giuliani implored his followers to "watchrudygiulianics.com Wednesday this week."
Soros is enemy number one of the Republican Party. He’s like an anarchist. He funded DAs who are letting criminals go free. And in Eastern Europe he uses our embassies to protect his organization and attack his enemies. https://t.co/WFcytLdmaR Wednesday this week. https://t.co/OHONO51Muv (February 16, 2020)
The problem is that Giuliani's personal website is "rudygiulianics.com." There's no "watch" in the URL. But someone registered "watchrudygiulianics.com" and it now redirects to a drug-treatment website.
Not as charming was the link Giuliani posted a couple of tweets later. In that case, he wrote "Rudy Giulianics.com," so only the last part linked to anything.
Rudy Giuliani - Former Associate U.S. Attorney General & Former Mayor of New York City SUBSCRIBE: Rudy https://t.co/cmLuQdUtOW https://t.co/3iLot6QCn2 (February 16, 2020)
Lo and behold, someone registered "Guilianics.com." If you click on that link, it now tries to get you to install a very shady-sounding browser extension that admits it will change your default search engine.
"When you see a domain registered with a Giuliani tweet with malware, that's not good for anybody," Segura told CNET.
Finally, Giuliani retweeted a fan's tweet and added another link to his own website, except that he left out the final "i", resulting in the link being "rudygiuliancs.com."
Thank you for a much too flattering portrait and for your support. Follow RUDY GIULIANI COMMON SENSE at https://t.co/zzGPt2N6WA and click subscribe. https://t.co/TdaepUL2H4 (February 16, 2020)
Click on that, and you're redirected to the Wikipedia page about the Trump-Ukraine scandal, in which Giuliani plays a central role.
Segura points out that Giuliani, who was briefly President Trump's cybersecurity advisor, has become so famous for making digital gaffes -- Giuliani has butt-dialed reporters from his cell phone at least twice -- that people are counting on him to make mistakes.
"You're kind of relying on the user to make those typos and they happen once in a blue moon, so that's not ideal for attackers," Segura told CNET. "With him, just looking at the last few days, there were multiple occasions where he created links by mistake."