Mass-Mailing Worm in Fake Twitter Account Invite

Last month we reported that spammers had used Twitter as bait to lure innocent victims into a phishing trap, and now we’re seeing a wave of fake Twitter invitations that come carrying a mass-mailing worm. The observed messages appear as if they have been sent from a Twitter account; however, unlike a legitimate Twitter message, there is no invitation URL present in the body. Instead, the user will see an attachment that appears as a .zip file that purportedly contains an invitation card.

Invitation Card.zip is the name of the malicious attachment, and it is being identified as W32.Ackantta.B@mm, which was first discovered in an e-card virus attack in February. W32.Ackantta.B@mm is a mass-mailing worm that gathers email addresses from the compromised computer and spreads by copying itself to removable drives and shared folders.

Here is what the message looks like in an inbox:

And here is a sample header:

From: invitations@twitter.com
Subject: Your friend invited you to twitter!

As Twitter continues to gain popularity among social networking users, people are regularly receiving invitations and email updates from fellow users. We expect that spammers will continue to use Twitter and other popular social networks as bait in their attacks.