Fake Micro-blogging Invitations Dropping W32.Ackantta.B@mm Worm

News

Contributed by: Aurelija
Date: June 22, 2009

	5 Vote 0	Fake Micro-blogging Invitations Dropping W32.Ackantta.B@mm Worm

Popular social networking and micro-blogging websites have always attracted not only you and me, but also a whole bunch of cyber criminals aiming to spread their malicious activities on a mass scale. Two weeks ago everybody was concerned about massive attacks on Twitter - a huge micro-blogging site - trying to steal user's credentials and infect user's system with rogueware. It seems that these types of attacks have proven to profitable as hackers have now started a new wave of malicious attacks on Twitter... This time with the aim to spread the mass-mailing W32.Ackantta.B@mm worm.

How does this attack take place, and what should everyone pay attention to? Everything starts with a spam message claiming to be an invitation to Twitter. The message is purportedly being sent from invitations@twitter.com and comes with the subject line "Your friend invited you to twitter!" It really seems that the email comes from a Twitter account. However, legitimate Twitter messages usually come with an invitation URL in the body of the message. And in this case no URLs are given at all.

Receivers are prompted to download and open a .zip attachment which purportedly contain an invitation card. The attached Invitation Card.zip is actually a malicious mass-mailing worm detected as W32.Ackantta.B@mm. This worm was first discovered in an e-card virus attack in February.

In this case, if the victim opens the attachment, W32.Ackantta.B@mm will immediately install itself in the infected machine. According to Symantec, the malware will then gather "email addresses from the compromised computer and spread, by copying itself to removable drives and shared folders." Most probably, the victim's IP address will also be sent to a list of infected machines and cyber criminals will be able to use it for additional malware downloads.

Here you can find the alias names of W32.Ackantta.B@mm:

Alias Names

Backdoor.Rbot!IK

TR/Dropper.Gen

W32/Heuristic-300!Eldorado (Heuristic)

Win32:VB-LPU [Drp]

Worm/Generic.ZOI

Win32/Fruspam.AC worm.

W32.W.AutoRun.fv

Trojan.Packed.2457

Trojan:W32/Agent.KLH [Orion]

W32/Xirtem@MM!8b1f20b9

W32/VBDrop.L!tr

Worm.Win32.AutoRun.fvc [Engine:A]

Backdoor.Rbot

Worm/AutoRun.hzr

Worm.Win32.AutoRun.fvc

Worm.AutoRun.409637

W32/Xirtem@MM!6DA1

VirTool:Win32/VBInject.AQ

Worm.AutoRun.fvc

Trojan.Win32.Danger.GEN [Suspicious]

Troj/VBDrop-L

TROJ_VB.HZZ

Worm.AutoRun.NTX

Table 1. Alias names of the malware

As Twitter is increasingly gaining more popularity among simple Internet users, more and even stronger malicious attacks can be expected to target this micro-blogging site. Therefore, it's extremely important to be cautious and to use appropriate and up-to-date anti-virus software in order to prevent W32.Ackantta.B@mm and many other similar infections. Use your common sense and don't open every attachment you find in your inbox because you can never know which one of them will drop a virus...

Resources:
W32.Ackantta.B@mm
Mass-Mailing Worm in Fake Twitter Account Invite
Twitter Spam Spreads Worm
Alias names

User Comments

Featured Videos

Modify hosts file

From: PC1News Videos

Added: June 13, 2009

Software Downloads

SpyHunter V.3

Free Spyhunter Download (Spyware/Trojan Detection), SCAN, BLOCK Spyware, Trojans, Worms, Viruses and malware on your PC absolutely FREE.

Download now

Registry Mechanic 8

Award Winning software, Fixes registry and improves computer performance. Created by a division of Symantec, this tool will scan your registry and find errors that can be later cleaned either individually or all together.

Download now

SpywareBlaster 4.1

The tool is used to prevent the installation of spyware and other potentially unwanted software. As soon as you download it, you will be able to protect your system.

Download now