I’ve been noticing a lot of spam on Twitter recently, especially tweets touting the latest and greatest malware, er, I mean “PC cleaners”. How are all these tweets being generated in such a short period of time? The answer – a Twitter bot.
We got a hold of one of these bots recently and it looks relatively harmless. They even stole the image of Eve from Wall-E to make it look more innocent. It has a EULA and a fairly standard install:
Once the installation is complete, this is what you see:
All that remains is to log in and start spamming.
Sophos detects this as Troj/Twambot-A.