You’ve got Twit…err Problems!

  • June 8, 2010

There is a new spam campaign going around that drops malicious binaries and variants of rogue security software. We received this specific email a few hours ago:

Fake Email

There have been a few variations of the same email (more can be seen here), and on close inspection all of the hyperlinked text points to a URL that is not related to Twitter. We followed the specific link, and here is what we were looking at:
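The tell-tale sign in this email is that the visible link text names twitter.com while the underlying href goes somewhere else entirely. The following script is an added example (not Emsisoft's code) of how a mail filter or analyst could flag that mismatch automatically: it parses the HTML body, extracts every anchor, and reports anchors whose displayed text contains a domain that differs from the domain the href actually resolves to. The sample message and its hostnames are constructed for illustration and are not indicators from the real campaign.

```python
"""Flag anchors whose visible text names one domain but whose href points
to another (the classic disguised-link trick used by the spam above).

Added example, not code from the original post. The sample HTML below is
constructed; the hostnames in it are placeholders, not real indicators.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample resembling the fake "Twitter security" email.
SAMPLE_HTML = """
<p>Dear user, your Twitter account has been used to send spam.</p>
<p>Please visit
<a href="http://update-files.example.net/setup.php">http://twitter.com/account/security</a>
to install the new security model.</p>
<p>Or open <a href="http://twitter.com/help">twitter.com/help</a> for details.</p>
"""

# Finds a domain-looking token inside anchor text (scheme optional).
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", re.I)


def registrable(host):
    """Crude registrable-domain reduction: keep the last two labels
    (twitter.com, example.net). Good enough for this heuristic."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def mismatched_links(html):
    """Return (visible_text, href) pairs where the text names a domain
    that differs from the href's real domain. Anchors whose text has no
    domain-looking token are skipped: there is nothing to compare."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        match = DOMAIN_RE.search(text)
        if not match:
            continue
        shown = registrable(match.group(1))
        actual = registrable(urlparse(href).hostname or "")
        if shown != actual:
            findings.append((text, href))
    return findings


if __name__ == "__main__":
    for text, href in mismatched_links(SAMPLE_HTML):
        print(f"disguised link: shows {text!r} but goes to {href!r}")
```

Only the first anchor is reported: its text claims twitter.com while the href lands on example.net. The second anchor's text and href agree, so it is left alone. The registrable-domain reduction is deliberately crude; a production filter would use the public suffix list, but the comparison logic is the same.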

Suspicious enough. Although the link currently appears to be down, we were able to obtain the sample. At the moment the detection rate is reasonably good, with most major vendors detecting the malware. Emsisoft Anti-Malware (EAM) was among the first vendors to detect the sample, and EAM users are fully protected from this specific malware dropper. We have already started analyzing the sample and the files it drops, and we will keep you updated.

A few observations

1. The attachment is named Twitter_security_model_setup.zip

2. The subject line of the email varies, for example:

3. The body of the email normally starts with something similar to:

The malware drops some randomly named files, such as topwesitjh. A search for that name turns up references to rogue security software, and we encountered something similar in our lab. On execution, the malware finally leaves behind yet another rogue security program on the user's system. Here are some screenshots of the malware's payload.

1. It creates the following files on the desktop

2. Fake warnings start appearing as balloon-style popups

3. It replaces the Security Center with a fake lookalike

4. Another rogue security program on its way


We are currently carrying out a detailed analysis and plan to publish another post with our findings very soon. Till then, happy twitting, but make sure you click safely. Keep your Emsisoft Anti-Malware updated with the latest definitions and make sure the Anti-Malware Guard is enabled.

Emsi

Emsisoft founder and managing director. In 1998, when I was 16, a so-called 'friend' sent me a file via ICQ that unexpectedly opened my CD-ROM drive, which gave me a big scare. It marked the start of my journey to fight trojans and other malware. My story