September 25, 2012
Cybercriminals have recently been attacking social media users with malicious links that when clicked, spread malware. The new campaign targeting Twitter users infects a computer by direct messaging followers of a compromised account a link to a virus disguised as a shared Facebook photo or video, reported PC Mag.
Execution of the malware
According to Sophos analyst Graham Cluley, experts discovered this latest case after a number of Naked Security blog readers complained about spam sent through their direct messages.
There are two different letters a recipient to this malicious link might receive. The first claims that a person is in a photograph with the words, "your in this [link to page on Facebook.com] LoL." The second is a video "link" that says, "you even see him taping u [link to page on Facebook.com] that's awful."
If someone were to unknowingly click on the link, he or she would be brought to a video player and a warning that "an update for YouTube Player is needed." The user is then told that if he or she continues, Flash Player 10.1 will install. However, the "update" of the program, called FlashPlayerV10.1.57.108.exe, is a backdoor Trojan that hackers can use to control a computer. The Trojan will copy itself onto other drives and networks to access personal information.
It is unclear how Twitter accounts are becoming compromised, because only friends can send direct messages, which makes this malware extremely dangerous to the web security of a person's device, reported AllFacebook's David Cohen.
Data loss prevention
According to a recent McAfee report, the number of malware instances since the first quarter of 2012 has increased by 1.5 million cases. Because malware attacks are on the rise, it is important that internet users take the necessary precautions for network security.
Users should not click on links if they do not know whom they are from. Even if a link does appear to be from a trusted colleague, a person should confirm that his or her friend sent it. Cluely also urges Twitter subscribers to change their passwords and take away any permissions for personal information required by a suspicious application. Experts also suggest that users hover over the link to determine if the shown domain and the actual domain are the same. If not, it is an indication that a website could lead to the download of a virus.
-McAfee Cloud Security