Twitter spam bearing a worm is on the loose today, trying to lure Twitter users into opening a malicious file attachment containing malware that could take over Windows-based machines, Symantec is warning.
It works through a Twitter message that arrives claiming your friends are inviting you to join them and telling you to check the attachment -- which is a ZIP file -- to find out who, says Kevin Haley, director of Symantec's security response division. "It's a new social-engineering trick," he says, adding that the payload is Ackantta.B, a variant of the Ackantta worm discovered in February that has been used in e-mail spam attacks.
The Twitter spam ruse with Ackantta.B is a clumsy trick, but if the victim did open the attachment, the malware would install itself on the victim's machine and then try to find e-mail contacts so it could mail itself onward.
The malware would also send the victim's IP address to a list of owned machines, and the machine would be prepared for future downloads of additional malware.
So far, the Twitter worm is not spreading very rapidly, according to Symantec, which adds that updated anti-virus software should contain it.