Twitter users were hit with another attack over the weekend featuring tweets reading "Best Video" and a link to a Web site that downloads malware, a security firm said on Monday.
The Web site, with a .ru (Russia) domain, purports to show an embedded YouTube video. Instead, the page downloads a malicious PDF that contains a "flurry of exploits" and if successful downloads fraudware that displays a fake security warning to try to get people to pay money, according to Kaspersky's Viruslist.com blog.
Contrary to earlier reports that the attack was a worm, the Kaspersky blog post speculates that the attackers were using accounts stolen in a phishing attack about a week ago.
Thousands of Twitter users were affected by what looked like a worm-like phishing attack last week, but was instead a site designed to help Twitters increase their number of followers quickly. The TwitterCut site looked like a Twitter log-in page and prompted people to type in their user names and passwords. Site administrators denied the phishing allegations and said they were shutting it down, according to the TrendLabs Malware Blog.
"This attack is very significant," the Kaspersky post says of the latest attack. "It would seem that at least one criminal group is now exploring the distribution of for-profit on Twitter. If the trends we've seen on other social platforms are any indicator for Twitter, then we can only expect an increase in attacks."
Twitter said on Saturday that it was aware of the problem and working on it. Another message from Twitter on its status page said some legitimate accounts affected by the attack were suspended but would be restored and that no personal information had been compromised.