Monday, August 4, 2008

Malware on Twitter

Well, it seems like it didn't take that long for the malware authors to notice the opportunity in abusing Twitter as a malware distribution platform.
According to Kaspersky Labs:
"...This profile has obviously been created especially for infecting users, as there is no other data except the photo, which contains the link to the video.

If you click on the link, you get a window that shows the progress of an automatic download of a so-called new version of Adobe Flash which is supposedly required to watch the video. You end up with a file labeled Adobe Flash (it’s a fake) on your machine; a technique that is currently very popular..."




Unfortunately, the auto-follow-me vulnerability is still exploitable for Internet Explorer users. I'm still withholding the technical details of this vulnerability in a hope that it won't be exploited in the wild, more than it was probably already did.