False Twitter Invitations Leading to Spyware?

I’m sure some of the people who read this post follow “Welcome to the Underground” Blog and maybe other blogs  by Twitter. However, did you know that some hackers send false Twitter invitations to lure people into installing spyware or downloading viruses?

Ever since Twitter became the major channel for information spread by Iran presidential election protestors, its popularity has rocketed upwards. Even the news of the Phoenix discovering ice on Mars was first announced on Twitter. However, all good things have a bad side. Cyber criminals are now sending false Twitter invitations to prompt installation of Trojans and virus worms!

From the format and content, the false invitations looks like that it’s a real one sent by the Twitter official site. However, if you look at it closely, you’ll find that the false invitation does not have the “inviting” link in contrary to the real invitations. In its place is a link that downloads a file called “invitation.zip” in the background that you cannot control, and lures the people who are considering joining Twitter into downloading the virus contained in the “invitation.zip”.

The virus in that zip file has been identified as a worm” W32.Ackantta.B@mm” by ESET nod32 antivirus (it’s definitelyNOT an email address!). This worm earlier appeared in February’s invitation card attack, which collects email addresses from the infected computers, and copies itself to those multiple addresses (this is how it’s supposed to work, but it’s usually blocked 90% by stronger av programs such as ESET or AVG).

I remind readers to upgrade their antivirus and communication software to prevent getting infected.

Share this Post