New Twitter-Based Malware Uses Direct Messaging to Spread

ID THREATPOST:6E9BDA8D19653C1A3399365010E5F0F3
Type threatpost
Reporter Anne Saita
Modified 2013-04-17T16:31:29


TwitterSophos is warning of a new trick to get Twitter users to open direct messages from trusted users that ultimately infect their machines with malware.

In a blog post, senior technology consultant Graham Clulely said the initial message is a tweet claiming the recipient’s been captured on a Facebook video. One version makes it sound like something scandalous was taped without the person’s knowledge.

Click the link and a video player pops up with a warning that an update for Youtube Player is needed. But instead of FlashPlayerV10.1.57.108.exe, it’s actually a backdoor Trojan that copies itself to accessible drives and network shares.

“Quite how users’ Twitter accounts became compromised to send the malicious DMs in the first place isn’t currently clear, but the attack underlines the importance of not automatically clicking on a link just because it appeared to be sent to you by a trusted friend,” Clulely wrote.

“If you do find that it was your Twitter account sending out the messages, the sensible course of action is to assume the worst, change your password (make sure it is something unique, hard-to-guess and hard-to-crack) and revoke permissions of any suspicious applications that have access to your account.”

Also today, Cluley reported a phish scam using a fake Microsoft Windows Team message from that’s meant to swipe Web-based email account passwords. Those who fail to notice the faulty language and grammar mistakes and click the link are taken to a third-party site, not Microsoft’s site, and told their computer is at high risk and requires they log into their Yahoo, Hotmail, Gmail or AOL account to install an update.

Once the cybercriminals capture the login information, the victim’s browser is redirected to a genuine Microsoft update page related to Windows security.