Twitter as a trojan delivery mechanism

Twitter as a trojan delivery mechanism -
There was an interesting write-up this morning on Kaspersi’s blog (the guys who make the antivirus) talking about a rogue Twitter profile that broadcasts links to a site spreading malware pretending to be a Flash player which then downloads and installed up to 10 banker trojans. This is not the first time security issues around Twitter have been discussed, but this one is interesting in that the technology behind it is quite simple, but the social engineering principle are quite scary. First of all, the confidence that people build up using Twitter is exploited as the URLs don’t look suspicious.Then there’s the fact that the malware pretends to be something Adobe created. It’s using the trust that Adobe have built over the years to pry access into the user’s domain.
Twitter themselves promise to be on the lookout for this sort of exploit, but it’s pretty difficult to monitor this sort of thing. They could use automated tools to scan URLs as soon as they are submitted. This itself would need tremendous computing power, but it doesn’t stop someone repointing the URL after it has been scanned. The best defence here is to be vigilant and to treat circumstances where someone promises an unrequested freebie as suspicious. Whether it’s a free supply or best diet pills, or free access to a website you normally need to pay for, the question you should be asking is: why?