Samker's Computer Forum - SCforum.info

World TOP Headlines: => Latest Security News & Alerts => Topic started by: Samker on 31. August 2010., 16:51:54

Title: "TweetDeck" Trojan Spread Around Like a Fake Update (alturl.com, update.exe)
Post by: Samker on 31. August 2010., 16:51:54

(http://ferdian.web.id/wp-content/uploads/2009/08/tweetdeck.jpg)

Scammers are trying to take advantage of the fact that many users will soon have to update their version of the TweetDeck Twitter software.

On Monday, TweetDeck warned that some Twitter messages were advising people to upload an untrustworthy executable file, called tweetdeck-08302010-update.exe.

"These tweets are from hacked accounts and this file does not come from us. Do not download it," TweetDeck said in a post on its support page: http://support.tweetdeck.com/entries/249941-do-not-download-fake-tweetdeck-update-appearing-on-twitter (http://support.tweetdeck.com/entries/249941-do-not-download-fake-tweetdeck-update-appearing-on-twitter)

The software is a generic Trojan horse program that is not detected by most antivirus products, said Paul Ferguson, a researcher with Trend Micro: http://www.virustotal.com/file-scan/report.html?id=73a57edb2e301b0bff4c5f301e160aa433f8abae737bf0cd4dc1e4c44e1a05dd-1283211616 (http://www.virustotal.com/file-scan/report.html?id=73a57edb2e301b0bff4c5f301e160aa433f8abae737bf0cd4dc1e4c44e1a05dd-1283211616)
This type of software is used to download a variety of different malicious programs such as password-stealing keyloggers.

Users of the older versions of TweetDeck really will have to update their software Tuesday, as Twitter is expected to pull support for a programming interface used by TweetDeck releases prior to version 0.33: http://support.tweetdeck.com/entries/245454-important-twitter-basic-auth-switch-off-in-7-days-upgrade-now (http://support.tweetdeck.com/entries/245454-important-twitter-basic-auth-switch-off-in-7-days-upgrade-now)

Scammers apparently see this as an opportunity. On Monday, numerous posts were viewable on Twitter, telling users to update TweetDeck. "Sorry for offtopic, but it is a critical TweetDeck update: http://search.twitter.com/search?q=http%3A%2F%2Falturl.com%2Fp9224 (http://search.twitter.com/search?q=http%3A%2F%2Falturl.com%2Fp9224) It won't work tomorrow!" reads one post.

The scammers have also included popular Twitter search terms such as "emmys" in the messages, presumably so they will turn up in search results and trick people.

The fake updates are hosted on the Alturl.com website.

The only place that real TweetDeck updates can be found is: http://www.tweetdeck.com/desktop/ (http://www.tweetdeck.com/desktop/)

(PCW)