Malicious Twitter Spam Making Rounds on Internet
Security researchers at the ThreatSeeker Network of Websense Security Labs are warning users of a latest malicious spam message targeting Twitter users.
Details in this regard reveal that the spam e-mail is designed to appear as a Twitter Password Reset Notification message. The e-mail contains a Web link, which when clicked or pasted into browser, pushes user to download a malevolent executable called "password.exe", noted the security firm, as per the news published by itnews.com.au on June 7, 2010.
According to Websense, the malicious executable is actually found to be a rogue anti-virus software known as "Protection Center Safebrowser". It is noteworthy that rogue anti-virus software deceives people into paying for the software to get rid of some non-existent computer problem. It is also used to commit identity theft and to compromise computers with malware.
Security experts claim that this malicious payload in this case is comparatively more mature than most of such scams, as it installs some malware files on the desktop of the user and then displays them so as to make it obvious that the machine has been infected. Thus, the attack notification appears more believable to the victim. Moreover, the attack is currently detected by 19 out of 41 engines on Virus Total.
Commenting on this attack, Carl Leonard, Senior Research Manager, Websense Security Labs, said that businesses should seriously think of a solution that will give them real time security in order to lessen the threat from cybercriminals, as per the news published by v3.co.uk on June 5, 2010.
The ThreatSeeker Network of Websense has so far observed nearly 55,000 cases of this spam e-mail.
Security experts emphasized that it's a little common sense that makes the protects user from falling to such scams. Users should not click on the links given in an e-mail that tells them that they do not remember their Twitter password when they very well remember it.
Finally, some of the must remember tips to prevent such attacks include: directly type-in the address of the website concerned into the browser or send a fresh e-mail to customer support rather than clicking on the links given in suspicious e-mails.
Related article: Malicious Scripts with Zero-byte Padding can Pass Undetected
» SPAMfighter News - 6/14/2010
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!