A number of Twitter users received a spam Direct Messages, apparently coming from their friends ,that read "your in this <Link to page on Facebook.com> LoL".
Here is other variants of spam DMs:
Once the link from the DM is clicked, the victims are taken to a page that displays a warning message that "An update to Youtube player is needed". The webpage continues to claim that it will install an update to Flash Player 10.1 onto your computer.
It downloads a file called "FlashPlayer V10.1.57.108.exe" which is detected Sophos antivirus as Troj/Mdrop-EML, a backdoor trojan that can also copy itself to accessible drives and network shares.
"Quite how users' Twitter accounts became compromised to send the malicious DMs in the first place isn't currently clear, but the attack underlines the importance of not automatically clicking on a link just because it appeared to be sent to you by a trusted friend." Sophos security researcher said.
Here is other variants of spam DMs:
- you even see him taping u <Link to page on Facebook.com> thats awful
- lol ur famous now <Link to page on Facebook.com>
Once the link from the DM is clicked, the victims are taken to a page that displays a warning message that "An update to Youtube player is needed". The webpage continues to claim that it will install an update to Flash Player 10.1 onto your computer.
It downloads a file called "FlashPlayer V10.1.57.108.exe" which is detected Sophos antivirus as Troj/Mdrop-EML, a backdoor trojan that can also copy itself to accessible drives and network shares.
"Quite how users' Twitter accounts became compromised to send the malicious DMs in the first place isn't currently clear, but the attack underlines the importance of not automatically clicking on a link just because it appeared to be sent to you by a trusted friend." Sophos security researcher said.
