It’s now the turn of Twitter users to get hit by Malware and Spyware
Symantec’s Security Response says it is investigating a botnet using Twitter as a command and control structure to distribute malware, and has called the detected malware Downloader.Sninfs.
The malware currently being downloaded by Downloader.Sninfs is known to Symantec as Infostealer.Bancos. The end goal of distributing this malware is to let cybercriminals steal passwords, in this case through a phishing site emulating certain Brazilian banks.
Although Twitter.com has been used in this instance, there are plenty of alternative sites on the Internet that could also be used. Our investigation and analysis of this threat have shown that infected computers were following the Twitter feed “Upd4t3” (which Twitter has now suspended) through its RSS feed, and that the compromised Twitter account was sending these compromised systems information on where additional threats could be downloaded. Essentially, the Twitter RSS file was acting like a configuration file for the malware.
At this time we have not seen any commands other than file downloads being issued through the Twitter.com RSS feed, and we are continuing to investigate whether this is in fact a botnet.
Symantec customers are already protected against Downloader.Sninfs and Infostealer.Bancos. Symantec advises all computer users to keep their security software updated with the latest definitions, keep their computer systems clean and continue to use general best practices for staying safe online. Best practices include not accepting “friend” or “follow” requests from people you don’t know or trust on social networking sites, not clicking on links from untrusted sources, and ensuring that passwords for social networking and other sites are robust to prevent cybercriminals gaining access.
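Because the infected machines treated a public RSS feed as a configuration file, their feed requests can be looked for in web proxy logs. The following is an added detection example, not Symantec's code: it flags clients that fetch one feed on a fixed schedule and request nothing else from that site. The log format, host names, paths and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlparse

# Constructed proxy log lines: ISO timestamp, client IP, URL. Hosts and paths are placeholders.
SAMPLE_LOG = """\
2009-08-14T09:00:00 10.0.0.21 http://social.example/feeds/ACCOUNT_PLACEHOLDER.rss
2009-08-14T09:10:01 10.0.0.21 http://social.example/feeds/ACCOUNT_PLACEHOLDER.rss
2009-08-14T09:20:00 10.0.0.21 http://social.example/feeds/ACCOUNT_PLACEHOLDER.rss
2009-08-14T09:29:59 10.0.0.21 http://social.example/feeds/ACCOUNT_PLACEHOLDER.rss
2009-08-14T09:02:10 10.0.0.35 http://social.example/home
2009-08-14T09:02:11 10.0.0.35 http://social.example/static/site.css
2009-08-14T09:05:40 10.0.0.35 http://social.example/feeds/friend.rss
2009-08-14T09:47:03 10.0.0.35 http://social.example/feeds/friend.rss
"""

WATCHED_HOSTS = {"social.example"}  # assumption: sites hosting public feeds reachable by users
MIN_POLLS = 4                       # assumption: minimum fetches in the log window
MAX_JITTER = 0.1                    # assumption: stddev/mean of gaps below this looks scheduled


def find_feed_pollers(log_text):
    """Return sorted (client, feed_url) pairs polled on a schedule with no other traffic to the host."""
    feed_hits = defaultdict(list)   # (client, url) -> request timestamps
    other_hits = defaultdict(int)   # (client, host) -> count of non-feed requests
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                # skip malformed lines
        ts, client, url = parts
        parsed = urlparse(url)
        if parsed.hostname not in WATCHED_HOSTS:
            continue
        if parsed.path.lower().endswith((".rss", ".xml", ".atom")):
            feed_hits[(client, url)].append(datetime.fromisoformat(ts))
        else:
            other_hits[(client, parsed.hostname)] += 1
    flagged = []
    for (client, url), times in feed_hits.items():
        if len(times) < MIN_POLLS or other_hits[(client, urlparse(url).hostname)]:
            continue                # too few polls, or the client also browses the site
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= MAX_JITTER:
            flagged.append((client, url))
    return sorted(flagged)
```

Legitimate feed readers also poll on a schedule, so a match is a lead for triage on the host, not a verdict.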