Recently, there have been several warnings about the risk of virus infection when users open files attached to phishing emails that target popular social networking sites such as Facebook or Twitter. However, users still seem indifferent to such warnings. That explains why these infection methods remain effective for hackers, and why new waves of attacks using similar methods keep emerging. This time, Twitter is being taken advantage of.
Figure 1: Phishing emails targeting Twitter.
The ultimate goal of the attacker is to persuade you to trust these emails and then trick you into opening the attached file. Without due caution, you will easily follow the hacker's scenario, and as a result your computer gets infected with the virus.
This virus (detected by Bkav as W32.Ziktwitters.Worm) downloads a lot of other malware, including FakeAV, and constantly distributes advertising emails as well as phishing emails to other users.
Figure 2: Virus distributes advertising emails and phishing emails.
The virus author seems to have a sense of humor, having chosen a very funny data decryption code :)
Figure 3: Data decryption
Clearly, it is users' complacency when receiving information from the Internet, particularly opening unknown files without any idea whether the email is authentic, that helps hackers spread the virus widely.
Nguyen Cong Cuong
Senior Malware Researcher