Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« The "Banks Documents" Malware Ploy | Main | Medz Spammer Wants Orders NOW »

September 30, 2009

More Twitter Invitation Malware Lures

Just saw a blast of faux Twitter invitation email messages. Their look hasn't changed from earlier campaigns:

Fake Twitter invitation email message

Lower down in the message is a link to a (dot.sub-hosted) video that explains Twitter, followed by a login form. Although you might suspect the form is phishing for login credentials, the form actually submits to Twitter. No, friends, this isn't a phishing expedition. It's a malware delivery vehicle, where the payload is in the attached file named Invitation Card.zip.

Why should the crook bother grabbing just one set of login credentials when the Trojan that gets installed can load a password stealer for all your logins?

Posted on September 30, 2009 at 10:20 AM