The Symantec Security Response team has alerted users that it is monitoring a new variant of the W32.Koobface worm that was originally discovered in August 2008.
"This new variant detected as W32.Koobface.C, installs the misleading application detected as AntiVirus2008, and is propagating on Twitter," Symantec warned.
Symantec said the worm hijacks Twitter accounts of the infected users and posts tweets to infect followers. Once an infected user logs on to Twitter, Koobface hijacks the session and posts a tweet to the user's account, Symantec said.
If a user clicks the link embedded in the rogue tweet, they are redirected to a fake video website. The user is then asked to download a codec to watch the video. This codec is a copy of W32.Koobface.A, Symantec warned.