Tuesday, August 5, 2008

Malware Spread Through Twitter Profile

Security company Kaspersky reports in its Analyst's Diary on an attack that targets both users of the social networking service Twitter and the internet community at large. A malicious Twitter profile, whose name is Portuguese for ‘pretty rabbit’, has a photo that serves as a malware advertisement for a fake video. The profile contains no data other than the photo with a link to the video, which makes it obvious that the profile was created to infect users.

Clicking on the link opens a window that shows the progress of an automatic download of a so-called new version of Adobe Flash, which is supposedly required to watch the video. This technique is currently very popular. The file is actually a Trojan downloader that proceeds to download more files onto the infected machine, all of which are disguised as MP3 files. Kaspersky labels the downloader as Heur.Downloader and Trojan-Downloader.Win32.Banload.sco.
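A defender-side check for the disguise described above, as an added example that is not taken from the Kaspersky report or from this post: it flags files named .mp3 whose content is really a Windows PE executable. That the disguised payloads are PE files is an assumption (the report only says they are disguised as MP3 files), and the sample file names and byte buffers are constructed.

```python
import struct

def looks_like_mp3(data: bytes) -> bool:
    """Real MP3 data starts with an ID3v2 tag or an MPEG audio frame sync."""
    if data[:3] == b"ID3":
        return True
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0:
        version = (data[1] >> 3) & 0x03  # 0b01 is reserved
        layer = (data[1] >> 1) & 0x03    # 0b00 is reserved
        return version != 0x01 and layer != 0x00
    return False

def looks_like_pe(data: bytes) -> bool:
    """Windows executable: 'MZ' header whose e_lfanew field points at the 'PE' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify(name: str, data: bytes) -> str:
    """Compare what the file name claims with what the first bytes say."""
    if not name.lower().endswith(".mp3"):
        return "not-mp3-name"
    if looks_like_pe(data):
        return "executable-disguised-as-mp3"
    return "mp3" if looks_like_mp3(data) else "unknown-content"

def constructed_pe() -> bytes:
    """Constructed minimal PE-like buffer (headers only, not a real program)."""
    buf = bytearray(0x84)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)

# Constructed sample inputs: file names and contents are made up for this demo.
SAMPLES = {
    "song.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\x00" * 10,
    "frame.mp3": b"\xff\xfb\x90\x00" + b"\x00" * 32,
    "video_codec.mp3": constructed_pe(),
    "junk.mp3": b"hello world",
}

def scan(samples: dict) -> dict:
    return {name: classify(name, data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:18} {verdict}")
```

In practice the same `classify` call would be run over the first bytes of files in download and temp directories, or over proxy-captured downloads.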

The footprints of this particular crime are purely Brazilian, ranging from the Portuguese language, to the web servers hosting the malware, to the email address embedded in the malware, which is used for receiving data from infected machines.

This technique does not require any serious programming skills, and Google indexes unprotected Twitter profiles, so malicious pages built and marketed with good social engineering tactics end up high in the rankings.

Twitter also suffers from a vulnerability that allows an attacker to make a user follow him automatically. Twitter partially fixed the vulnerability on the 1st of August 2008, but it can still be exploited in the Internet Explorer web browser.
