Scammers prey on required Twitter update

With some users forced to update their TweetDeck Twitter software on Tuesday, criminals see a chance to spread Trojans

Scammers are trying to take advantage of the fact that many users will soon have to update their version of the TweetDeck Twitter software.

On Monday, TweetDeck warned that some Twitter messages were advising people to upload an untrustworthy executable file, called tweetdeck-08302010-update.exe.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

"These tweets are from hacked accounts and this file does not come from us. Do not download it," TweetDeck said in a post on its support page.

The software is a generic Trojan horse program that is not detected by most antivirus products, said Paul Ferguson, a researcher with Trend Micro. This type of software is used to download a variety of different malicious programs such as password-stealing keyloggers.

Users of the older versions of TweetDeck really will have to update their software Tuesday, as Twitter is expected to pull support for a programming interface used by TweetDeck releases prior to version 0.33.

Scammers apparently see this as an opportunity. On Monday, numerous posts were viewable on Twitter, telling users to update TweetDeck. "Sorry for offtopic, but it is a critical TweetDeck update. It won't work tomorrow!" reads one post.

The scammers have also included popular Twitter search terms such as "emmys" in the messages, presumably so they will turn up in search results and trick people.

The fake updates are hosted on the Alturl.com website. The only place that real TweetDeck updates can be found is: http://www.tweetdeck.com/desktop/

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's email address is robert_mcmillan@idg.com

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies