X

Spam masquerading as Twitter e-mails lead to phishing, malware

E-mails masquerading as Twitter support messages prompt recipients to click links that download a Trojan and display fake anti-virus warnings or lead to a phishing site, security firms say.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
2 min read
 
The spam appears to come from the Twitter customer support team. Trend Micro

E-mail inboxes are getting hit this week with spam campaigns that appear to be legitimate Twitter messages but which lead to malware and phishing sites, security firms warned on Wednesday.

Some e-mails masquerade as messages from Twitter's customer support team warning the recipient that the site has detected an attempt to steal the Twitter account password and prompting the recipient to click on a link to download a "secure module" to protect the account, according to Vietnamese antivirus firm Bkis and Trend Micro.

If the link is clicked on a Trojan horse designed to target Windows will be downloaded and will install a backdoor on the machine that attackers can use to provide future instructions to the computer, as well as display pop up notices saying the computer is infected with malware and offering antivirus for sale, the firms said.

Other spam exploiting the Twitter name falsely states that the recipient has changed the e-mail address associated with the Twitter account and offers a link to click to confirm the change, according to Trend Micro. The link leads to a phishing site designed to steal the user's Twitter password.

Some spam is using the Twitter logo but then showing ads for pharmaceuticals underneath, Trend Micro said.

"Twitter does not send links to a secure module," Trend Micro said in a blog post. "Similarly, legitimate Twitter emails changing the email address of user accounts include the new email address in the message body and do not describe or promote any new service, as many of these phishing emails do."

This is a screen shot of the fake antivirus warning that comes from downloading the malware from the fake Twitter e-mails. Bkis