Koobface Tweets
June 27, 2009 by admin
Filed under Security News

Twitter is a very popular platform for expressing whatever is on a user’s mind, making it a favorite target of malware authors. Trend Micro has published several blog entries that discussed attacks on Twitter. Now, the creators of Koobface have included a new component in the malware to target the vast number of Twitter users. They’ve come up with the latest update to the Koobface loader binary and other known Koobface components that target social networking sites like Facebook, MySpace, Hi5, Bebo, Tagged, and Netlog.
The new component posts tweets from a victim’s Twitter account, using Internet-browsing cookies to log in to the target user’s account. Tweets are posted more successfully when the victim is logged on to his/her Twitter account while the ‘evil’ Koobface binary runs in the background.

Figure 1. Twitter account of an infected PC
The supposed tweets are retrieved from a Koobface C&C domain and use Tinyurl.com to shorten, and to some extent obfuscate, the URL included in the message.

Figure 2. Network stream of an affected PC
Visiting the posted URL leads to a Koobface redirector page that opens the same old ‘fake’ YouTube page, which hosts the Koobface loader posing as an Adobe Flash Player update, also known as the infamous setup.exe.

Figure 3. Fake YouTube page that installs setup.exe
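
As an added example (not from Trend Micro or the original post), the sketch below searches web proxy logs for the chain described above: a Tinyurl.com link followed shortly by a download named setup.exe. The log format, the 120-second window and the sample lines are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed proxy log (timestamp, client IP, requested URL); not real traffic.
SAMPLE_LOG = """\
2009-06-27T10:00:01 10.0.0.5 http://tinyurl.com/example1
2009-06-27T10:00:02 10.0.0.5 http://redirector.example/go/
2009-06-27T10:00:04 10.0.0.5 http://video.example/youtube/
2009-06-27T10:00:09 10.0.0.5 http://video.example/youtube/setup.exe?v=1
2009-06-27T10:05:00 10.0.0.7 http://tinyurl.com/example2
2009-06-27T10:05:03 10.0.0.7 http://news.example/story.html
2009-06-27T11:00:00 10.0.0.9 http://downloads.example/tool/setup.exe
not-a-timestamp 10.0.0.8 http://tinyurl.com/example3
"""

SHORTENER = "tinyurl.com"    # shortener named in the article
LURE_NAMES = {"setup.exe"}   # loader file name named in the article


def find_chains(log_text, window=timedelta(seconds=120)):
    """Return (client, short_url, download_url, seconds) for each client that
    fetched a lure file within `window` of following a shortened link.
    Assumes the log is in chronological order (an assumption of this sketch)."""
    last_click = {}  # client -> (time, short URL) of the most recent shortener hit
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        stamp, client, url = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        name = parsed.path.rsplit("/", 1)[-1].lower()
        if host == SHORTENER or host.endswith("." + SHORTENER):
            last_click[client] = (when, url)
        elif name in LURE_NAMES and client in last_click:
            clicked, short_url = last_click.pop(client)
            delay = when - clicked
            if delay <= window:
                hits.append((client, short_url, url, delay.total_seconds()))
    return hits


if __name__ == "__main__":
    for hit in find_chains(SAMPLE_LOG):
        print(hit)
```

A setup.exe download with no preceding shortener click, such as the 10.0.0.9 line, is deliberately not reported, which keeps ordinary installer downloads out of the results.
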
As with earlier Koobface-related attacks, however, Trend Micro product users need not worry about being infected as Smart Protection Network already blocks malicious sites and files from running on their systems. They should, however, still keep in mind that an ounce of prevention is always better than a pound of cure.
Source : trendmicro














