Our security researchers ran across the twopular.com (do not visit) site and took special notice to the ‘Welcome to nginx!’ text on the page, which is an indication of the site being down but displaying a characteristic of the Nginx Virus.
Twopular.com is a site that allows you to search for trending Twitter topics but may have been taken down recently. The Nginx error message shown in Figure 2 below, ‘Welcome to nginx!’ is commonly displayed on a PC where the web browser application has been rerouted when attempting to visit a particular website. Typically, this redirect happens when a system has been infected with malware.
Figure 1. Twopular.com screenshot
Figure 2. ‘Welcome to nginx!’ screenshot
This type of malware affects web browsers (Chrome, Firefox, Internet Explorer, Opera) and reroutes the browser to either a hacked site or some type of unwanted site that may promote malware. The particular case of twopular.com, it appeared to be a legitimate Twitter aggregator site with useful information before it was taken down.
The video below is a short live demonstration of attempting to load the legitimate twopular.com site but being redirected to a ‘Welcome to nginx!’ threat message.
Hackers could utilize the downed twopular.com site to exploit PC users with malware similar to well-known ransomware threats such as the Ukash Virus or Nginx Virus. It remains evident that computer users must be careful when visiting sites that offer free tools or services. In the case of Twopular.com, it offered free Twitter aggregation. As it turns out, it offers absolutely nothing now that it looks to be down.