September 30, 2009More Twitter Invitation Malware Lures
Just saw a blast of faux Twitter invitation email messages. Their look hasn't changed from earlier campaigns:
Lower down in the message is a link to a (dot.sub-hosted) video that explains Twitter, followed by a login form. Although you might suspect the form is phishing for login credentials, the form actually submits to Twitter. No, friends, this isn't a phishing expedition. It's a malware delivery vehicle, where the payload is in the attached file named Invitation Card.zip.
Why should the crook bother grabbing just one set of login credentials when the Trojan that gets installed can load a password stealer for all your logins?Posted on September 30, 2009 at 10:20 AM