This is a repost… the original post is from PandaLabs. A few days ago the Koobface worm started to appear on Twitter. Today, the Koobface worm returns by hijacking several Twitter user accounts to assist in propagating the worm. The malicious tweets start with the text “My Home Video :)” followed by a link to one of 20 or so malicious sites.Cybercriminals are experimenting with a new feature introduced in one of the latest Koobface variants – the ability of the worm to hijack the Twitter accounts of infected users and post tweets in an attempt to infect their followers.
According to researchers from TrendMicro, once the infected user attempts to log into Twitter, Koobface hijacks the session and posts a tweet on behalf of the user.
Would this novel feature allow the worm to spread even more efficiently? It largely depends on whether or not they’d remove the beta label from it, and go mainstream with the feature.
Once on the malicious site, the victim becomes assaulted with a fake flash update and the infection starts to communicate with Facebook and Twitter immediately after downloading two additional executables from a domain hosted in Belgium.
After attempting to spread the infection on Facebook and Twitter, the W32/Koobface.DU.worm further capitalizes on its efforts by installing the Adware/InternetAntivirusPro Rogue Antivirus.
Twitter has responded to the threat quickly and have already made an effort of removing the malicious tweets. We detected around 100 still active malicious tweets at the time of writing this.