Everywhere a tweet, tweet

I’ve been noticing a lot of spam on Twitter recently, especially tweets touting the latest and greatest malware, er I mean “PC cleaners”. How are all these tweets being generated in such a short period of time? The answer – a Twitter bot.

We got a hold of one of these bots recently and it looks relatively harmless. They even stole the image of Eve from Wall-E to make it look more innocent. It has a EULA and a fairly standard install:

Twambot Install

Once the installation is complete, this is what you see:

Twambot Run

All that remains is to log in and start spamming.

Sophos detects this as Troj/Twambot-A.