There’s a new variant of W32.Koobface, a worm that was discovered in August last year, according to Symantec Security Response. It’s called called W32.Koobface.C.
It’s a good ol’ Twitter hijacker that is activated when a user inadvertently installs an “AntiVirus2008” program.
Once hijacked, an infected Twitter account posts tweets in an attempt to infect more people. It’s usually a link to the malicious software with titles such as “my home video :)”, “watch my new private video! LOL :)” and “michaeljackson’ testament on youtube”.
You know, the sort of banal tweets that most people would never ever post in real life, and yet must still get some kind of response.
Users who do click on the link are taken to a fake video web site that tries to get them to install a “video codec”, which is in fact the W32.Koobface.A virus.
As usual, be careful what you click on.
