Graham Cluley’s blog

Hackers are exploiting the name of the blossoming micro-blogging website Twitter in their attempt to infect innocent computer users with malware.

Although we have in the past seen hackers hijack Twitter accounts, and malicious attacks spread via the Twitter service, on this occasion cybercriminals appear to have spammed out malware posing as an invitation to join the site.

The emails which have the subject line "Your friend invited you to twitter!" and pretend to come from invitations@twitter.com, come with an attached file called Invitation Card.zip.

What should raise your suspicions is that the email says:

To join or to see who invited you, check the attachment.

Surely if you wanted to join Twitter, you would just visit their website? Why would you need to open an attachment?

If you do make the mistake of opening the attached file you are risking the security of not just your computer, but potentially your company's data too.

Sophos detects the attached ZIP file proactively as Mal/ZipMal-B and the file within as Mal/VB-AD. Users of security products from other vendors are recommended to check that their protection is up-to-date.

So far we've only seen a small number of these attacks in our global network of spamtraps.

Posted on July 2nd, 2009 by Graham Cluley, Sophos
Filed under: Malware, Spam, Web 2.0

                                         

Free virus scan - Download the Threat Detection Test

Related posts

• WorldPay card transactions carry malware danger
• Bogus Amazon order for Sony VAIO carries malware
• Bogus lottery email carries fake anti-virus payload
• Danger lies in bogus emails claiming to be from DHL and Facebook
• Danger lurks in private dick's interesting photos