Twitter seems to be among the favorites of cyber criminals. They’re increasingly using this social networking and microblogging service for malicious attacks. Today I’d like to warn you against yet another round of Twitter-related spam attacks that were recently discovered by Trend Micro.

Subject lines of these attacks may differ. However, they are purportedly being sent by the Twitter team. Here are two sample emails:

Hi, lakelike
You recently changed the email address associated with your Twitter account.
Online news twitter, click this link: http://XXXXX
Once you confirm, all future email from Twitter will be sent to this address.
The Twitter team

Hi,
Attention! We detected that someone was trying to steal your Twitter account password.
We strongly recommend you to download our secure module to protect account!
Please click on the link below: http://XXXXX
The Twitter team

Experts from Trend Micro note that the first email contains a phishing attack targeted towards the users of Twitter. The second email has a link that navigates to the download of malicious file, detected by Trend Micro as TROJ_FAKETWT.A.

TROJ_FAKETWT.A is known to drop the following copies of itself:

• %User Temp%\mscdexnt.exe
• %User Temp%\topwesitjh

It adds the following key(s) as part of its installation routine:

• HKEY_CLASSES_ROOT\.exe\DefaultIcon
• HKEY_CLASSES_ROOT\.exe\shell
• HKEY_CLASSES_ROOT\secfile

Once again, as the whole essence of Twitter is clicking on links, it’s extremely important to be cautious and to use appropriate and up-to-date anti-virus software. Use your common sense when dealing with any links and stay alert when providing your login information.

Look for more

Spam attacks Twitter

TROJ_FAKETWT.A