Twitter Spam Carrying Virus Unleashed
Following phishers' attack against Twitter during May 2009 through the supply of bulk spam mails, Symantec Security Response has currently discovered bogus Twitter invitations, which are randomly flowing in with a malicious mass-mailing virus.
States Symantec that the new 'Twitter spam' has been unleashed in attempts to entice Twitter users in a way that they might open an attachment carrying the virus that compromises Windows-based computers.
The attack works via a tweet that comes in claiming that friends of the user are urging him to become a member of their group and thus to view a given attachment, says director of security response Kevin Haley for Symantec. NetworkWorld reported this on June 18, 2009.
According to Haley, the attack uses a novel social-engineering trick, adding that the malware distributed is Ackantta.B a version of worm Ackantta discovered sometime during February 2009 that spammed mass e-mails.
The worm also transmits the IP address of the victim to an index of compromised PCs while the newly-hijacked PC is prepared for pulling down more malware in future.
Say researchers at Symantec that as the popularity of Twitter increases among users of social-networking websites, people seem to be getting e-mail updates and invitations regularly from co-users. Therefore, according to the researchers, spammers are expected to keep on using Twitter along with other social networks as lure for spam attacks.
Nevertheless the exercise of using malicious programs in the guise of greeting cards and e-mail attachments isn't new just as the Storm worm attacks spread their payload in the form of e-greetings.
Meanwhile, recent months have seen an immense increase in attacks against Twitter since the popularity of the site soared. These attacks included hacking attempts to steal account details to XSS (cross-site scripting) assaults and attacks that spread malware.
Thus Symantec advises users to avoid opening invitation attachments as also any suspicious or unsolicited e-mail attachment. Also they must verify a site's validity and exercise caution with any message directly or indirectly from a website. Finally accessing a website by typing the address directly into the browser instead of opening a web-link is an optimum security practice.
Related article: Twitter Flaw Compels Victims to Follow Hacker’s Account
» SPAMfighter News - 28-06-2009