Hackers are exploiting the name of the blossoming micro-blogging website Twitter in their attempt to infect innocent computer users with malware.
Although we have in the past seen hackers hijack Twitter accounts, and malicious attacks spread via the Twitter service, on this occasion cybercriminals appear to have spammed out malware posing as an invitation to join the site.
The emails which have the subject line "Your friend invited you to twitter!" and pretend to come from , come with an attached file called Invitation Card.zip.
What should raise your suspicions is that the email says:
To join or to see who invited you, check the attachment.
Surely if you wanted to join Twitter, you would just visit their website? Why would you need to open an attachment?
If you do make the mistake of opening the attached file you are risking the security of not just your computer, but potentially your company’s data too.
Sophos detects the attached ZIP file proactively as Mal/ZipMal-B and the file within as Mal/VB-AD. Users of security products from other vendors are recommended to check that their protection is up-to-date.
So far we’ve only seen a small number of these attacks in our global network of spamtraps.
