Follow AppRiver

AppRiver Posts In Your Inbox

Your email:

Browse by Tag

Current Articles | RSS Feed RSS Feed

Twitter Invitations Lead to Malware


Today we discovered a malware campaign posing as Twitter invitations. These messages appear to come from invitations@twitter[dot]com. They inform you that a friend has invited you to join twitter. The messages contain a legitimate link to twitter but they also have an attachment (Invitation Card[dot]zip). The attached file is in fact a dangerous worm that has been around for some time but is still making the rounds.

Copy of the message:

This malicious program contained in the .zip file, is an Email & P2P worm that intercepts user requests to websites and redirects them to a malicious URL. When executed the worm creates an executable with autorun enabling keys to ensure that it is launched each time the system is restarted.

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] "RTHDBPL"="%appdata%\SystemProc\lsass.exe"

The malicious program terminates the processes of many commonly used antivirus programs. The malicious program then monitors web pages that are visited waiting for certain keywords to appear in a webpage’s headers. When one is visited with headers containing one of these words, it forces a redirect to a malicious webpage. The malicious program also harvests email addresses from various locations on the machine, then begins sending them phishing messages for popular banking websites.

Of course all of our customers are safe from this threat as well as the phishing messages that it produces.


Currently, there are no comments. Be the first to post one!
Post Comment
Website (optional)

Allowed tags: <a> link, <b> bold, <i> italics