Attackers have taken to Twitter to spread malware via links pointing to what they claim is an update to the popular microblogging client TweetDeck.
A number of updates were sent from hacked Twitter accounts urging users to download a file called "tweetdeck-08302010-update.exe."
The tweets began with phrases, such as “Hurry up for tweetdeck update!” or “Download TweetDeck udate ASAP!,” and included a URL beginning with http://alturl.com/.
The links did not lead to a legitimate TweetDeck update, but instead brought users to a trojan, according to a blog post by Graham Cluley, senior security researcher at Sophos.
Some of the malicious tweets referenced the UK's national Bank Holiday, which occured on Monday. The tweets read, “Critical tweetdeck update Bank Holiday” and “Update TweetDeck! Bank Holiday.”
“TweetDeck itself is a British company and mention of the Bank Holiday might lead one to suspect that the bad guys behind this attack are also based in the UK,” Cluley wrote.
TweetDeck has issued a warning about the fake update and urged users against downloading it. All TweetDeck updates should be downloaded from the company's official website, the company said.
Meanwhile, Twitter said it is resetting the passwords for accounts delivering the bogus tweets.
See original article on scmagazineus.com