Several users have reported getting direct messages from friends using rather informal messages and then adding a link right after.
Many would naturally click on the link, most likely out of curiosity but more because it came from someone they actually know or is within their network.
The entire scheme is a malware attack that lets users who follow the instructions download a Trojan virus that will replicate itself over different computer systems.
The message may look like this:
The real reason how accounts on Twitter became vulnerable to the attack is not fully understood at the moment. However, Twitter users in general are advised not to immediately click on links even if these come from a friend online to avoid further problems.
Other inviting statements are also used to encourage receivers to click on the link. When you do, a message will instruct you to update you YouTube player to watch the video. When users install the software, the program “FlashPlayerV10.1.57.108.exe” will enter the computer system — there’s the Trojan.
Notice how discussions on the malware threats on Twitter spiked on September 24, when the media started sending out alerts on possible attacks. For the day alone, the hashtag #malware generated as much as 57,681 impressions.
Twitter, Facebook and other social media sites have been the targets of similar attacks through the years. Other examples include receiving email messages that also deceive the account user to download files that would subsequently infect the system.
GFI Labs (@GFILabs), an online security specialist firm said that the Google Chrome browser would naturally warn users that the download seems to be dangerous or malicious. However, the new malware attack would conceal itself by letting users believe that they’re only downloading a regular Flash Player.
The Umbra Loader is downloaded instead, which is a Botnet creation tool that will cause a variety of problems. Twitter users are also encouraged to practice more safety approaches that will protect others from downloading the file.