The Symantec Security Response team has alerted users that it
is monitoring a new variant of theW32.Koobfaceworm that was originally discovered in
August 2008.
"This new variant detected as W32.Koobface.C, installs the
misleading application detected as AntiVirus2008, and is
propagating on Twitter," Symantec warned.
Symantec said the worm hijacks Twitter accounts of the infected
users and posts tweets to infect followers. Once an infected user
logs on to Twitter, Koobface hijacks the session and posts a tweet
to the user's account, Symantec said.
If a user clicks the link embedded in the rogue tweet, they are
redirected to a fake video website. The user is then asked to
download a codec to watch the video. This codec is a copy of
W32.Koobface.A, Symantec warned.
