
New virus infects Windows and Mac OS via Twitter



#1 News Robot


Posted 24 June 2009 - 03:00

June 24, 2009

Doctor Web warns Internet community of a new threat that spreads over
the social networking and micro-blogging service Twitter. A link to a
malicious web-site is sent to subscribers of one of Twitter users. A
victim is lured into downloading a special codec supposedly required
to watch an adult video clip. The bogus web-site detects the operating
system of the victim and offers different pieces of malware for
Windows or Mac OS X.

The “Leighton Meester sex tape video free download!” message and the
link to a bogus web-site appeared in the micro-blog of a former Apple
employee on Wednesday, June 24.

The micro-blog has a significant number of subscribers (about 140
000), so the post was delivered to all the followers. The simple url
shortener service http://www.bit.ly/ directed all users clicking on
the url to http://www.nowpublic.com/ where they could watch the video.
However, as the user tried to view the clip, he was redirected to
http://worldt**e.su . Clicking on the video invoked a dialogue that
prompted the would-be-victim to download the ActiveXsetup.exe codec
file which was nothing more than a malicious program.


The malicious script at http://worldt**e.su uses the browser user-agent
to determine which operating system is installed on the target
machine. If the browser is running under Windows, the victim downloads
Backdoor.Tdss.119; if the target is a Mac, the supposed codec is
Mac.DnsChange.2. Launching ActiveXsetup.dmg starts install.pkg, which
executes a Perl script to download the main virus.

The malware spoofs DNS server addresses for requests sent by a user
via the browser address bar. This feature can be used to promote
web-sites and search engines or to redirect a victim to malicious
web-sites.


A link to http://worldt..e.su was removed from
http://www.nowpublic.com/ soon after the post had appeared. However,
it was available for more than 10 hours so it was not only displayed
on pages of subscribers but was quoted many times.

Doctor Web recommends that all users install and run licensed anti-virus
software with the latest virus definitions. Users of Dr.Web Security
Space, Dr.Web Enterprise Suite, Dr.Web for Mac OS X as well as
subscribers using the Dr.Web anti-virus service are protected from all
kinds of Internet threats.
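
The user-agent-based delivery described above leaves a recognizable trace in web proxy logs: one host hands the same-named "codec" to Windows clients as an .exe and to Mac clients as a .dmg. The following detection sketch is an added example, not part of the original post or Dr.Web code; the log format, host names and function names are assumptions, and the sample records are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy-log records: (client User-Agent, requested URL).
# Host names are placeholders, not indicators from the article.
SAMPLE_LOG = [
    ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)", "http://video.example/get/ActiveXsetup.exe"),
    ("Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7) Safari/525", "http://video.example/get/ActiveXsetup.dmg"),
    ("Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_7) Safari/525", "http://vendor.example/downloads/player.dmg"),
    ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)", "http://tools.example/setup.exe"),
    ("Mozilla/5.0 (Windows; U; Windows NT 6.0) Firefox/3.0", "http://tools.example/setup.exe"),
]

# Installer formats and the platform each one targets.
INSTALLER_EXT = {"exe": "windows", "dmg": "mac", "pkg": "mac"}

def ua_platform(user_agent):
    """Classify a User-Agent string the way an OS-sniffing page would."""
    ua = user_agent.lower()
    if "macintosh" in ua or "mac os x" in ua:
        return "mac"
    if "windows" in ua:
        return "windows"
    return "other"

def find_os_tailored_installers(records):
    """Return {(host, stem): {platform: filename}} for hosts that served the
    same-named installer in a different format to each client OS."""
    seen = defaultdict(dict)
    for user_agent, url in records:
        parts = urlsplit(url)
        filename = parts.path.rsplit("/", 1)[-1]
        match = re.fullmatch(r"(.+)\.(\w+)", filename)
        if not match or match.group(2).lower() not in INSTALLER_EXT:
            continue
        stem, ext = match.group(1).lower(), match.group(2).lower()
        platform = ua_platform(user_agent)
        # Count only downloads whose format matches the requesting OS.
        if INSTALLER_EXT[ext] == platform:
            seen[(parts.hostname, stem)][platform] = filename
    return {k: v for k, v in seen.items() if {"windows", "mac"} <= set(v)}

if __name__ == "__main__":
    for (host, stem), files in find_os_tailored_installers(SAMPLE_LOG).items():
        print(f"review {host}: '{stem}' served as {sorted(files.values())}")
```

A hit is a lead for review rather than a verdict, since legitimate vendors also publish per-OS installers under one name; the signal is stronger when the host is unfamiliar and the download followed a redirect chain.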

