Twitter Users Being Attacked Using Recent Topics of Discussion as Lure

As per the warning issued by security researchers, various spam schemes discovered on Twitter during the first weekend of June 2010 targets gullible users by means of replies on the topics they discussed in their recent tweets. Web links circulated in this manner result in malicious activities over the Internet.

Anti-virus vendor Sophos has recently warned that malware-distribution assaults on Twitter are based on the "Israeli blockade on Gaza", which is the current topic of international debate. The topic is used as a lure in order to trap supporters of both sides. Most of these spam served a dangerous Trojan called Bifrost.

According to Chester Wisniewski, security expert at SophosLabs Canada, Bifrost Trojan is known to establish a backdoor on the targeted computer, as per the news published by Sophos.com on June 5, 2010. It can provide the remote control of the affected computer to the attackers. Some more sophisticated variants of the Trojan also include a rootkit. Like most of the Trojans, Bifrost too allows attackers to remotely execute arbitrary attack code on the affected PC.

In addition to the abovementioned attack, another malicious attack involving the use of same server was a phishing attack, which targets the Israeli supporters, noted Wisniewski.

One of the malicious links used in the attack directs users to jotform.com webpage. The page asks the user his email ID and password so as to enable him to "Support Israel via Facebook". Next one in this series is a Yahoo! phish, which again targets Israeli supporters, experts highlighted.

Other assaults in the campaign included the one targeting lonely males with the obvious bait of sexy women who is willing to have an exciting and deep conversation. One of them pretending to be a screensaver shows a picture that eventually infects the user's PC.

Sophos identifies the screensaver as Troj/Mdrop-CPU. Moreover, the components which are installed on the PC of the victim have been detected as Mal/Kelnject-A and Mal/EnPk-LR.

Wisniewski concluded by assuming that most of these cyber attacks might be the attempts of Gaza supporters to establish strong botnets for launching Distributed Denial of Service attacks. This assumption is based on the fact that five out of six malware samples that were distributed in the recent spam scams have C&C servers in Muslim nations including Saudi Arabia and Morocco.

Related article: Twitter Flaw Compels Victims to Follow Hacker’s Account

» SPAMfighter News - 6/16/2010