Last week, when I wrote about Aviv Raff's auto follow-me vulnerability on Twitter, I warned that it was only a matter of time before we see nasty social engineering (malware) attacks on the popular microblogging service.
Well, it's here.
Malware hunters at Kaspersky Lab (my employer) are seeing early signs that Twitter is now clearly big enough to be a distribution mechanism for malicious software.
In this case, a Twitter profile has started posting links baited with a supposed pornographic video of Brazilian pop star Kelly Key (photo above). Kaspersky Lab's Dmitry Bestuzhev explains:
This profile has obviously been created especially for infecting users, as there is no other data except the photo, which contains the link to the video.
If you click on the link, you get a window that shows the progress of an automatic download of a so-called new version of Adobe Flash which is supposedly required to watch the video. You end up with a file labeled Adobe Flash (it’s a fake) on your machine; a technique that is currently very popular.
In reality, this is a Trojan downloader that proceeds to download 10 bankers onto the infected machine, all of which are disguised as MP3 files.
This attack technique does not require any serious programming skills. Simply purchase some Trojans, upload them onto a Web server and create a chain of Twitter profiles following each other. Or, even scarier, take advantage of known/unpatched auto follow-me vulnerabilities and build a large network of targets to send the malicious links to.
Another big problem is the fact that search engines (Google especially) index Twitter profiles, so malicious pages built and marketed with good social engineering tactics end up high in the rankings.
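Bestuzhev's observation that the second-stage bankers arrive disguised as MP3 files points to a simple defensive check: trust the leading bytes of a file, not its extension. The example below is added here and is not code from the post or from Kaspersky Lab; the sample payloads are constructed inline (a minimal PE-style header and two MP3 headers), not real malware.

```python
import struct

# Constructed sample: a minimal PE-shaped blob (DOS "MZ" stub whose e_lfanew points at "PE\0\0").
def _fake_pe() -> bytes:
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)      # 0x40-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x40)       # e_lfanew -> offset 0x40
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 16

# Constructed "downloaded files": two genuine-looking MP3s and one executable renamed to .mp3.
SAMPLES = {
    "track01.mp3": b"ID3\x04\x00\x00\x00\x00\x00\x00" + b"\x00" * 32,
    "track02.mp3": _fake_pe(),                    # banker disguised as audio
    "flash_update.exe": _fake_pe(),               # the fake "Adobe Flash" dropper
    "track03.mp3": b"\xff\xfb\x90\x00" + b"\x00" * 32,
}

def detect_type(data: bytes) -> str:
    """Classify content by magic bytes, ignoring the file name entirely."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
        return "dos-executable"
    if data[:3] == b"ID3":                        # ID3v2 tag header
        return "mp3"
    # Raw MPEG audio frame: 11-bit sync word (0xFFE0 mask) with no ID3 tag
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0:
        return "mp3"
    return "unknown"

def find_disguised(files: dict) -> list:
    """Return names whose extension claims audio but whose content is executable."""
    flagged = []
    for name, data in files.items():
        ext = name.rsplit(".", 1)[-1].lower()
        if ext in ("mp3", "wav", "ogg") and detect_type(data) in ("pe", "dos-executable"):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for name in find_disguised(SAMPLES):
        print(f"ALERT: {name} claims to be audio but contains an executable")
```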