We've all seen the Twitter spammers, those people with weird Twitter names like Stella613 or MikeGravel832 whofollow thousands and broadcast a single message multiple times. In fact, I've written about the
spammers before and
Twitter's efforts to control it. Unfortunately, Twitter spam and malware is turning a lot more sinister.
Adam Cohen told me about a site,
Twitpwn, that is focused on logging all past and current vulnerabilities in Twitter. The guys at Twitpwn write about the potential for distributing malware via Twitter. Security experts at
Kaspersky Labs have identified a malicious Twitter profile twitter.com/[skip]/ with a name that is Portuguese for ‘pretty rabbit’ which has a photo advertising a video with girls posted.
This profile has obviously been created especially for infecting users, as there is no other data except the photo, which contains the link to the video.
If you click on the link, you get a window that shows the progress of an automatic download of a so-called new version of Adobe Flash which is supposedly required to watch the video. You end up with a file labeled Adobe Flash (it’s a fake) on your machine; a technique that is currently very popular.
In reality, this is a Trojan downloader that proceeds to download 10 banker Trojans onto the infected machine, all of which are disguised as MP3 files. We first detected the downloader proactively as Heur.Downloader and then added a signature to detect it also as Trojan-Downloader.Win32.Banload.sco.
News of the malware/virus profile has been spreading fast as it has been written about on
Ars Technica,
TechCrunch and
The Register, but of course good Twitermaven readers don't go to those minor sites and only depend on the maven for news. :)