Apple Music Karaoke Mode Musk Briefly Not Richest COVID Variants Call of Duty and Nintendo 'Avatar 2' Director 19 Gizmo and Gadget Gifts Gifts $30 and Under Anker MagGo for iPhones
Want CNET to notify you of price drops and the latest stories?
No, thank you

VC's automated Twitter feed spreads malware

Auto-feed tweet distributed by Guy Kawasaki's Twitter account sends people to a link that installs a Trojan.

Guy Kawasaki's Twitter page Twitter

Updated June 25 at 9:00 a.m. PDT with Trend Micro saying the Trojan is harmful to Macs and PCs.

Venture capitalist Guy Kawasaki got more than he bargained for from an automated feed he set up on his Twitter account.

Some of Kawasaki's more than 139,000 Twitter followers noticed something strange when they saw a particular non-VC-related tweet sent from his account on Tuesday.

The update advertised a sexy video of "Gossip Girl" star Leighton Meester and had a link leading to a site where, if the visitor clicked to view the video (and ostensibly download a necessary codec), a Trojan called OSX/Jahlav-C for the Mac OS would be installed instead, Graham Cluley wrote on his blog on Wednesday for antivirus vendor Sophos.

Windows users aren't immune as the Trojan they will receive, TROJ_JAHLAV.B, is downloaded, according to Trend Micro.

"Following the link would be a very bad idea because it will lead you to a malicious Web site designed to infect both Macs and PCs with a DNS-changing Trojan, which at the time of writing has low-to non-existent detection rates by security vendors (although Trend Micro customers would already have been protected from visiting the known malicious site using our Smart Protection Network)," Rik Ferguson of Trend Micro wrote.

Kawasaki told The Wall Street Journal his account is set up to redistribute updates from NowPublic, a user-generated news site.

The auto-published tweet was from a NowPublic feed that was not moderated by the site, NowPublic co-founder Michael Tippett told the WSJ later.

"Auto-feeds on Twitter can be quite risky," Michael Argast, a security analyst for Sophos, told CNET News.

Kawasaki's account wasn't the only one redistributing the malicious link; the same tweet was sent from other lower-profile accounts.