Following on from last month’s phishing attacks on Twitter via the mass distribution of spam messages, Symantec Security Response has now detected a wave of fake Twitter invitations that come carrying a mass-mailing and malicious worm.
The observed messages appear as if they have been sent from a Twitter account; however, unlike a legitimate Twitter message, there is no invitation URL present in the body. Instead the user will see an attachment that appears as a .zip file that purportedly contains an invitation card. The malicious attachment carries a mass-mailing worm that gathers email addresses from the compromised computer and spreads by copying itself to removable drives and shared folders.
And here is a sample header:
From: invitations@twitter.com
Subject: Your friend invited you to twitter!
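The indicators above (a From header claiming twitter.com, an invitation-style subject, no invitation URL in the body, and a .zip attachment in its place) can be turned into a simple mail-filter heuristic. The following is an added example, not Symantec's detection logic and not code from the original post; the sample messages are constructed inline, and the `build_sample` helper and placeholder URL are assumptions for the demonstration.

```python
"""
Heuristic check for the fake Twitter invitation described in the post.

Indicators: message claims to come from twitter.com, the subject reads
like an invitation, the body carries no invitation URL, and a .zip
attachment is present instead. Added example; sample messages are
constructed here and are not captured samples.
"""
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from email.utils import parseaddr

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
ARCHIVE_EXTS = (".zip",)


def flag_fake_invite(raw: bytes) -> list[str]:
    """Return the reasons a message matches the fake-invite pattern (empty if none)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    reasons: list[str] = []

    _, sender = parseaddr(msg.get("From", ""))
    claims_twitter = sender.lower().endswith("@twitter.com")
    subject = (msg.get("Subject") or "").lower()
    looks_like_invite = "invit" in subject

    # Only messages that present themselves as Twitter invitations are of interest
    if not (claims_twitter and looks_like_invite):
        return reasons

    # Collect the plain-text body and the names of any attachments
    body_text = ""
    attachments: list[str] = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        fname = part.get_filename()
        if fname:
            attachments.append(fname.lower())
        elif part.get_content_type() == "text/plain":
            body_text += part.get_content()

    # A real invitation carries a link; the fake one does not
    if not URL_RE.search(body_text):
        reasons.append("no invitation URL in body")
    # The fake one carries an archive attachment in place of the link
    archives = [f for f in attachments if f.endswith(ARCHIVE_EXTS)]
    if archives:
        reasons.append("archive attachment present: " + ", ".join(archives))
    return reasons


def build_sample(with_url: bool, with_zip: bool) -> bytes:
    """Construct a test message (constructed for this example, not a real sample)."""
    m = EmailMessage()
    m["From"] = "invitations@twitter.com"  # spoofed header value quoted in the post
    m["To"] = "user@example.org"
    m["Subject"] = "Your friend invited you to twitter!"
    body = "Your friend has invited you to join Twitter."
    if with_url:
        # Placeholder URL; a legitimate invitation would carry the real link here
        body += "\nAccept here: http://twitter.com/invitations/PLACEHOLDER"
    m.set_content(body)
    if with_zip:
        # Minimal bytes that merely start like a zip file; not a real archive
        m.add_attachment(b"PK\x03\x04" + b"\x00" * 16, maintype="application",
                         subtype="zip", filename="Invitation Card.zip")
    return m.as_bytes()


if __name__ == "__main__":
    print("legitimate-looking:", flag_fake_invite(build_sample(True, False)))
    print("fake invite:", flag_fake_invite(build_sample(False, True)))
```

The From header is trivially forged, so this heuristic only narrows the candidate set; whether a message that claims to be from twitter.com actually originated there is a question for the receiving gateway's sender-authentication checks (SPF, DKIM) and for the attachment scanner, not for the header text alone.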
In May 2009, Symantec observed that overall spam levels climbed to nearly 90 percent of all email, consistent with levels observed in May 2008. As Twitter continues to gain popularity among social networking users, people are regularly receiving invitations and email updates from fellow users. Symantec expects that spammers will continue to use Twitter and other popular social networks as bait in their attacks.