Timing is everything, especially if you’re trying to spread malware. Last week, the developers of the popular Twitter application TweetDeck notified users that due to changes in the authentication protocols Twitter supports, users of older versions will have to upgrade.
Naturally, cybercriminals latched onto this bit of news and sent out their own Tweets saying the same thing. However, their malicious Tweets contained a URL-shortened link to what was supposedly a TweetDeck installer named tweetdeck-08302010-update.exe.
This particular file is not a legitimate installer but a TDSS variant detected by Trend Micro as TROJ_TDSS.FAT. Members of the TDSS malware family function as rootkits that can take complete control of affected systems. In addition, their complexity and sophistication make them difficult to remove.
TweetDeck has officially warned users not to fall prey to this attack. The malicious “installer” is detected, and the website hosting the malicious file has been blocked as well.
Trend Micro advanced threats researcher Paul Ferguson was earlier interviewed about this threat by PC World. His comments may be found here.