Posted by: Barracuda Labs
As Twitter's popularity continues to increase, so does use of its name as a way to spread malware. Late last week a Purewire employee received the following email, which presented itself as an invitation to join Twitter.
From: firstname.lastname@example.org [mailto:email@example.com]
Sent: Friday, June 12, 2009 1:05 PM
To: < redacted >@purewire.com
Subject: Your friend invited you to twitter!
Your friend invited you to twitter!
Twitter is a service for friends, family, and co-workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question: What are you doing?
To join or to see who invited you, check the attachment.
The attachment accompanying the email–Invitation Card.zip–contained a file named “document.doc (many spaces) .exe”. Even if the user's system was configured to show extensions for known file types, the file (after being extracted from the archive).
As with previous campaigns of this nature, if the user attempts to “view” the “invitation card”, they will infect their system with malware. To avoid becoming victims of these multi-facted social engineering attacks, users should be especially diligent when handling attachments claiming to be ecards, invoices, invitations, etc.