Twitter DMs from your friends can lead to Facebook video malware attack

Filed Under: Facebook, Featured, Malware, Twitter

Tweetie birds. Image from ShutterstockHave you received a Twitter message from an online friend, suggesting you have been captured in a Facebook video?

A number of Naked Security readers have been in touch in recent days regarding a variety of direct messages that have been spammed out from compromised Twitter accounts.

The aim of the messages? To trick the unwary into clicking on a link.. and ultimately infect computers.

Here is one example:

Twitter direct message

your in this <Link to page on Facebook.com> LoL

And here's another. Note that there are many different combinations of wording that can be used.

Twitter direct message

you even see him taping u <Link to page on Facebook.com> thats awful

Users who click on the link are greeted with what appears to be a video player and a warning message that "An update to Youtube player is needed". The webpage continues to claim that it will install an update to Flash Player 10.1 onto your computer.

Malicious webpage

In this example, the program you are being invited to download is called FlashPlayerV10.1.57.108.exe, and is detected by Sophos anti-virus products as Troj/Mdrop-EML, a backdoor Trojan that can also copy itself to accessible drives and network shares.

Quite how users' Twitter accounts became compromised to send the malicious DMs in the first place isn't currently clear, but the attack underlines the importance of not automatically clicking on a link just because it appeared to be sent to you by a trusted friend.

If you do find that it was your Twitter account sending out the messages, the sensible course of action is to assume the worst, change your password (make sure it is something unique, hard-to-guess and hard-to-crack) and revoke permissions of any suspicious applications that have access to your account.

Birds image from Shutterstock.

, ,

You might like

4 Responses to Twitter DMs from your friends can lead to Facebook video malware attack

  1. Stephen Hall · 767 days ago

    This happened to me recently. Luckily, when I stupidly clicked on the link, nothing else seemed to happen. I have done a malware scan and all seems to be clean. Thanks for the warning!

  2. Nigel · 767 days ago

    Something just occurred to me. I wonder whether the kind of people who consider things like Facebook and Twitter to be in indispensable part of their lives are already predisposed to be vulnerable to scams like the one reported here. Apparently the scammers think so, and they find it a fertile ground for harvesting their victims.

  3. ELOISE · 766 days ago

    THIS HAPPENED TO MY SISTER ABOUT THE VIDEOS WHICH STATED THAT CERTAIN NAMED PEOPLE (ME INCLUDED) HAD VIDEOS ABOUT THEM. WELL, I DON'T HAVE VIDEOS & ONLY 1 PICTURE ON MY FACEBOOK PAGE & I KNEW IT WAS MALWARE, ESPECIALLY WITH THE MISSPELLINGS!
    THEN THERE WERE TWO SEPARATE ONES ON MY GRANDDAUGHTER'S FACEBOOK PAGE EXPOUNDING ON A PRODUCT THAT HELPED HER LOSE WEIGHT: 26 LBS ON 1 POST & 32 LBS. ON THE OTHER POST. IF MY GRANDDAUGHTER LOST THAT MUCH WEIGHT SHE WOULD BE DEAD AS SHE IS PERFECTLY NORMAL IN WEIGHT & A SMALL BUILT PERSON. I COMMENTED ON THE FIRST ONE THAT THIS WAS A SCAM. THE SECOND ONE I COMMENTED THAT IT WAS ALSO A SCAM AS WELL AS 'THE 'IGNORAMUSES' DIDN'T PAY ATTENTION TO WHAT THEY POSTED ABOUT HOW MUCH WEIGHT SHE LOST ON BOTH THEIR. POSTINGS. BESIDES, HER FB FRIENDS KNEW SHE DIDN'T NEED TO LOSE OR LOST ANY WEIGHT!!

    THIS WAS ABOUT 2 WEEKS AGO; YOU'RE AWFULLY SLOW IN REPORTING THIS!!!

  4. Simon · 707 days ago

    You'd spot whether an email was genuinely from a friend in a heartbeat, but I know actual writers who use txt spk here and there on Twitter (and other places, when they're travelling and on their phones), because they're restricted to 140 characters and a phone interface.
    So you start out with less to go on.. then the link is embedded into the Facebook app surround, making it a lot more convincing than your standard copied JPEG.

    I imagine it started with one direct message and the acquisition of one more trusted Twitter account's details.

    .. I don't think hackers assumed anything like that, Nigel. I think that's just you.
    You talk like nobody ever tried to hack using an email before. They'll use any route.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.