A new Twitter attack is infecting users with a rogue anti-virus download. The malware is spreading through the site in the form of posts from hijacked user accounts.
The posts contain the words 'best video' and a link to an external domain. On clicking the link, the user is taken to a fake video page which launches a background attack script.
The script attempts to install and launch a maliciously crafted PDF file which delivers the actual malware payload.
Rather than infect users with data-stealing malware or botnet controllers, the Trojan installs a fake program called 'System Security'.
As with other rogue anti-virus products, System Security presents false malware scans and alerts in an effort to dupe the user into paying for a non-functioning security tool.
Twitter claims to have suspended the offending accounts and resolved the issue, but users are still advised not to click on suspicious links.
Kaspersky Labs researcher Roel Schouwenberg suggested that the attacks may be related to a phishing run recently spotted on the site, and that the compromised accounts were the same as those being used to post the attack video.
"This attack is very significant. It would seem that at least one criminal group is now exploring the distribution of for-profit [malware] on Twitter," he wrote in a blog post. "If the trends we've seen on other social platforms are any indicator for Twitter, we can expect an increase in attacks."
See also:
New spam run uses fake money order to spread Trojan 27 May 2009
Hackers could execute code and gain control of a BlackBerry Enterprise Server 27 May 2009
Malware still a major threat, say researchers 22 May 2009
Versions on P2P networks could contain Trojan downloader 20 May 2009
Apple criticised for failing to patch vulnerability 20 May 2009All Hacking Tags: Twitter, Threats, Malware, Social-networking, Internet, Security
del.icio.us
Digg this
reddit!
