Bogus Twitter Profiles Are Being Used To Spread Malware - Overclock.net

Hueristic · 08-05-08

Bogus Twitter Profiles Are Being Used To Spread Malware

Quote:

According to Kaspersky Lab’s Viruslist diary, this week Twitter has hosted an attack that is targeting both Twitter users and the Internet community at large. A malicious Twitter profile with a name that is Portuguese for ‘pretty rabbit’, has a photo with malware advertisement of a fake video. This profile has obviously been created especially for infecting users, as there is no other data except the photo, which contains the link to the video.

Clicking on the link will get a window that shows the progress of an automatic download of a so-called new version of Adobe Flash which is supposedly required to watch the video. This technique is currently very popular and the file is actually a Trojan downloader that proceeds to download more files onto the infected machine, all of which are disguised as MP3 files. The downloader is labeled as Heur.Downloader and Trojan-Downloader.Win32.Banload.sco by Kaspersky.

The footprints of this particular crime are pure Brazilian, ranging from the Portuguese, to the web servers hosting the malware to the email embedded in the malware which is used for receiving data from infected machines.

This technique does not require any serious programming skills and Google indexes un-protected Twitter profiles, so malicious pages built and marketed with good social engineering tactics end up high in the rankings.

It gets even worse since Twitter suffers from a vulnerability which allows an attacker to force his victim to follow him automatically. Although Twitter has partially fixed this vulnerability on 01-Aug-2008, the vulnerability can still be exploited on Internet Explorer.