Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    Beware, Twitter enthusiasts! Spam posing as Twitter email notifications are currently proliferating in the wild. The spam are of two types—the first type attempts to steal personal information or login credentials while the second attempts to infect systems with malware.

    A legitimate Twitter notification email looks like this:

    Click for larger view

    It usually begins with “Hi, *name of user*” and contains the words, “You have a direct message:,” followed by the message itself.

    The two Twitter spam samples, on the other hand, look like these:

    Click for larger view Click for larger view

    The sample on the left uses a generic greeting while the email body only says, “You have 1 unreaded message from Twitter,” followed by a URL. This directs recipients to a site where they are asked to give out personal information. The sample on the right also uses a generic greeting along with the message, “You have 3 information message(s),” followed by a URL. Instead of asking the recipients for personal information when they click the link, malware are instead downloaded onto their systems. However, the malicious URLs are already inaccessible as of this writing.

    Spammers and cybercriminals have had a long history with Twitter and its users, as featured in these previous entries:

    To protect yourself against similar attacks, always pay attention to every detail in emails you receive. It is, after all, easy to distinguish what is real from what is not. All you need to do is carefully observe.

    Trend Micro™ Smart Protection Network™ already protects product users from this particular threat by preventing the spammed messages from even reaching their inboxes via the email reputation service and by blocking access to the phishing site via the Web reputation service. Non-Trend Micro product users can also stay protected by using free tools like eMail ID, a browser plug-in that helps identify legitimate email messages in their inboxes.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice