Fresh Attacks Launched Using New iPhone App of Twitter

Cyber-criminals have been exploiting people's increasing interest in "Twitter for iPhone", the novel iPhone software, and distributing malicious tweets to contaminate end-users' computers.

As per Kaspersky Lab, cyber-criminals are launching the attack by manipulating trending topics on Twitter, which is one of the popular sources for abuse; however, there's a twist this time. Instead of loading fake anti-virus programs as is common with such attacks, the criminals are loading a fresh Trojan, which captures credentials for Internet banking, PIN numbers of credit cards and passwords for online payment.

Senior anti-virus researcher Dmitry Bestuzhev at Kaspersky Lab states that the attack introduces malevolent messages from the malevolent Twitter profiles of the attackers themselves, as per the news published by darkREADING on May 20, 2010.

The messages or tweets have the words "Official Twitter App." and they occupy the 7th place on the Top Ten List of Twitter trending topics. One of the instances involves a tweet including a web-link supposedly leading to a video depicting the Olympic Games mascot.

States Bestuzhev that he observed many people sending the tweet with the news again-and-again even without verifying the source. When users followed the web-links, they landed on a page containing a malevolent Java file, which dropped the banking Trojan onto the victimized systems.

Kaspersky anti-virus identified this Trojan as Worm.Win32.VBNA.b, which has several malicious features. Thus, it proliferates via USB devices and turns off the regedit program; Windows task manager; and notices from Windows Security Center. It further makes its own replica on the infected system and names it Live Messenger.

The criminals also added a virtualization system that makes it hard for security analysts to detect the Trojan. Actually, the malware examines whether or not the infected computer's hard drive is virtualized and in case it finds the machine to be one, it prevents itself from being executed.

Moreover, according to Bestuzhev, the attack seemingly emerges from Brazil unlike most fake anti-virus scams that normally arise from Russian-speaking nations.

Meanwhile, users are advised to do their online searches extremely carefully as criminals often employ BlackHat SEO tactics for including their malicious URLs in the top search results.

Related article: Fark.com Files Suit against Suspected Hacker from Fox13

» SPAMfighter News - 6/1/2010