Doctor Web warns the Internet community of a new threat spreading over the social networking and micro-blogging service Twitter. A link to a malicious web-site is sent to the subscribers of a Twitter user. A victim is lured into downloading a special codec supposedly required to watch an adult video clip. The bogus web-site detects the victim's operating system and offers different pieces of malware for Windows or Mac OS X.
The “Leighton Meester sex tape video free download!” message and the link to a bogus web-site appeared in the micro-blog of a former Apple employee on Wednesday, June 24.
The micro-blog has a significant number of subscribers (about 140 000), so the post was delivered to all the followers. The simple URL shortener service http://www.bit.ly/ directed all users clicking on the URL to http://www.nowpublic.com/ where they could watch the video. However, when a user tried to view the clip, he was redirected to http://worldt**e.su. Clicking on the video invoked a dialogue that prompted the would-be victim to download the ActiveXsetup.exe codec file, which was nothing more than a malicious program.
The malicious script at http://worldt**e.su uses the browser user-agent to determine which operating system is installed on the target machine. If the browser is running under Windows, the victim downloads Backdoor.Tdss.119; if the target is a Mac, the supposed codec is Mac.DnsChange.2. Launching ActiveXsetup.dmg starts install.pkg, which executes a Perl script to download the main virus.
The malware spoofs DNS server addresses for requests sent by a user via the browser address bar. This feature can be used to promote web-sites and search engines or to redirect a victim to malicious web-sites.
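The user-agent-based delivery described above leaves a recognizable trace in web proxy logs: one host serving an installer with the same base name as .exe to Windows browsers and as .dmg to Mac browsers. The following detection sketch is an added example, not Doctor Web's code; the tab-separated log format, the .example host names and the function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed proxy log lines (tab-separated: client, host, path, user-agent).
# Hosts use the reserved .example TLD; none of this is real telemetry.
SAMPLE_LOG = """\
10.0.0.5\tvideo-site.example\t/get/ActiveXsetup.exe\tMozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
10.0.0.9\tvideo-site.example\t/get/ActiveXsetup.dmg\tMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7; en-us) Safari/525
10.0.0.7\tvendor.example\t/dl/player.exe\tMozilla/5.0 (Windows; U; Windows NT 6.0) Firefox/3.0
10.0.0.8\tvendor.example\t/dl/reader.dmg\tMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7) Safari/525
10.0.0.6\tnews.example\t/index.html\tMozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7) Safari/525
"""

INSTALLER = re.compile(r"/([^/]+)\.(exe|dmg|pkg)$", re.IGNORECASE)
EXT_OS = {"exe": "windows", "dmg": "mac", "pkg": "mac"}

def ua_os(user_agent):
    """Coarse OS guess from a User-Agent string (hypothetical helper)."""
    ua = user_agent.lower()
    if "windows" in ua:
        return "windows"
    if "mac os x" in ua or "macintosh" in ua:
        return "mac"
    return "other"

def find_os_split_installers(log_text):
    """Return {(host, stem): {os: filename}} where one host served an installer
    with the same base name to both Windows and Mac user agents."""
    seen = defaultdict(dict)
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue  # skip malformed lines
        _client, host, path, user_agent = fields
        m = INSTALLER.search(path.split("?", 1)[0])
        if not m:
            continue
        stem, ext = m.group(1).lower(), m.group(2).lower()
        os_name = ua_os(user_agent)
        # Only count downloads where the file type matches the client OS.
        if EXT_OS[ext] == os_name:
            seen[(host.lower(), stem)][os_name] = f"{m.group(1)}.{m.group(2)}"
    return {k: v for k, v in seen.items() if set(v) >= {"windows", "mac"}}

if __name__ == "__main__":
    for (host, stem), files in find_os_split_installers(SAMPLE_LOG).items():
        print(f"{host}: '{stem}' served per OS -> {files}")
```

A legitimate vendor that ships the same product for both platforms under one name will also match, so hits are leads for review rather than verdicts.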
The link to http://worldt..e.su was removed from http://www.nowpublic.com/ soon after the post had appeared. However, it was available for more than 10 hours, so it was not only displayed on subscribers' pages but was also quoted many times.
Doctor Web recommends that all users install and run licensed anti-virus software with the latest virus definitions. Users of Dr.Web Security Space, Dr.Web Enterprise Suite, Dr.Web for Mac OS X as well as subscribers using the Dr.Web anti-virus service are protected from all kinds of Internet threats.