Attackers are targeting Twitter users with a Trojan stealing online banking credentials, according to researchers.
“The initial Trojan is downloaded to the victim machine by a malicious Java archive file,” explained Dmitry Bestuzhev of Kaspersky Lab. “It has several malicious features, for example: spreading through USB devices; it disables Windows task manager, the regedit application and also notifications from Windows Security Center. Also it creates a copy of itself in the system with the name of Live Messenger. The criminals even included an anti-virtualization feature. The worm checks if the hard drive of infected system is virtualized or not. If found to be in a virtual system, the malicious code won’t be executed.”
The malicious links being tweeted out come with the message “haha this is the funniest video ive EVER SEEN!” Researchers at F-Secure noticed the attack as well, and said the links in the tweets point to a page under pc-tv.tv.
“This malware is very harmful since credit cards and online banking credentials are in the game,” Bestuzhev blogged. “Please, be really careful especially with trend topics (searches) since in many cases they are being used by criminals.”