A wave of fake Twitter email invitations sent in hopes of luring people to unzip a file to find out who invited them has been hitting unsuspecting victims. The message carries a mass-mailing worm. It looks around on infected computers and sends emails to addresses it finds.
The message appears as if it came from a Twitter account, but unlike a legitimate Twitter message, there is no invitation URL in the body of the email. Instead, the user sees an attachment that appears as a .zip file containing an invitation card. When the zip file is opened, the virus spreads.
The header on the email invitation reads "From: firstname.lastname@example.org, Subject: Your friend invited you to twitter!"
The infected machines transmit a signal to a Web site, providing the opportunity for the "bad guys" to download misleading applications known as rogueware, or scareware. "It alerts the computer owner that it has found malware on the machine, but if you pay me $49.95 to download the software I'll get rid of it for you," says Kevin Haley, director, Symantec Security Response, Cupertino, Calif. "A lot of bad guys are making millions of dollars. Some of these guys are doing that in a year, possibly more than that."
There have been a rash of attacks using Twitter as the bait, as the site continues to grow in popularity. Earlier this month, users were invited to click on something that resembled a link to a YouTube video. The program embedded in the link opened a second site that prompted a malware-infected PDF to download and later installed a rogue security application.
In May 2009, Symantec observed overall spam levels climb to nearly 90% of all email, consistent with levels seen in the year-ago month. Symantec expects that spammers will continue to use Twitter and other popular social networks as bait in their attacks.
Twitter was the fastest-growing Web brand in May 2009 -- up from 1.2 million unique visitors in May 2008 to 18.2 million in 2009, according to Nielsen. The research firm says despite being the fastest-growing brand year-over-year, Twitter's month-over-month growth has begun to slow, increasing 7% from April. The average time per person on Twitter rose 175% from the prior year, from 6 minutes and 19 seconds in May 2008 to 17 minutes and 21 seconds in May 2009. However, month-over-month growth was flat, declining 1% from April 2009.
Haley says Twitter has replaced Facebook as the social tool of choice to infect consumers. "The mean girls like to pick on the most popular person," he says. "The mean girls were picking on Facebook and now they are picking on Twitter."