Twitter users are being hit by a new worm, according to security company Symantec. The worm tries to lure Twitter users into opening an attachment containing malware that could take over Windows-based machines.
It arrives as a Twitter message claiming that your friends are inviting you to join them and telling you to check the attachment, which is a ZIP file, to find out who, says Kevin Haley, director of Symantec's security response division. "It's a new social-engineering trick," he says, adding that the payload is Ackantta.B, a variant of the Ackantta worm that had been used in e-mail spam attacks.
The Twitter spam ruse with Ackantta.B is a clumsy trick, but if the victim did open the attachment, the malware would install itself on the victim's machine and then try to find email contacts so it could mail itself onward.
The malware would also send the victim's IP address to a list of owned machines, and the machine would be prepared for future downloads of additional malware.
So far, the Twitter worm is not spreading very rapidly, according to Symantec, which adds that updated anti-virus software should contain it.