Twitter spammers start sending malware via Tweets
The link in the post above is blurred, but leads on to a site hosting some JavaScript.
As security analysts trendmicro points out, if this JavaScript is executed by the browser, an “unpleasant payload” is delivered to the user’s PC.
Trendmicro has seen malicious PDF documents and executable files appear via this spam which, once running, tries to connect to download even more malware.
By using an “@” reply in the tweet, this strategy is a change from the Gaza and FIFA World cup Twitter spam run earlier this month which used social engineering to lure people into thinking they were clicking on a news item.
The malware downloaded in that case performed such operations as sending and receiving files, keylogging, and retrieving user names and passwords.