Micro-Twitter blog service has fallen prey to malware. Users of micro-blogging service provides links to booby-trapped sites in danger of a profile.
The approach is being used to spread malware in the form of links to an alleged film with skin Brazilian pop star Kelly Key. Prospective marks are told they need to download a new version of Adobe Flash to get their valuables.
The false Adobe Flash download the program actually contains malicious payload, a downloader that tries to inject ten banking Trojans in the infected machine. These files are malicious disguised as MP3 files, net security firm Kaspersky Lab warns.
Fake Flash downloads have become a popular tactic of delay VXer - unknown miscreants have simply moved to the tactic Twitter instead of targeting instant messaging or e-mail users.
"The traces of this crime are pure Brazilian - ranging from the Portuguese, web servers to host the banking malware to e-mail address embedded in malware that is used for receiving data from infected machines,"
writes the Kaspersky researcher Dmitry Bestuzhev.
"This technique does not require knowledge of programming serious - buy some Trojans, upload them to a web server and create a chain of Twitter following profiles of others. Twitter has recently become the focus of security concerns. Last week security researcher Aviv Raff warned of a follow-me self unpatched vulnerabilities in the service. The cross-site request forgery flaw allows an attacker to obtain scores of followers to deceive players simply visiting a fraudulent website, security commentator Ryan Narain notes.
IE users are still at risk, despite a partial set of security Twitter's security team. Raff, who has created a site called www.twitpwn.com honor of vulnerability, is the retention of data security pending a complete failure to solve.
The Brazilian Trojan downloader attack apparently did not use this technique, which is just as well for Twitter users, as well as the largest Internet community. Google indexes without Twitter profiles, in order to hacker-created sites promoted by malvertising tactics are likely to figure high on the search page classifications.
In reality, this is a Trojan downloader downloading the product to 10 banker Trojans in the infected machine, all of them disguised as MP3 files. We first detected the downloader proactively as Heur.Downloader and then added a signature to detect as Trojan-Downloader.Win32.Banload.sco. Only 1 person is following this profile today :
We assume this is one of the authors. The person following the malicious profile is doing 1 thing only as well – following yet a third profile.
Source : http://dhuwuh.blogspot.com/2008/08/be-carefull-with-twitter-trojan-targets.html