Beware of Twitter Direct Messages That May Contain a Backdoor Trojan

Suspicious direct messages from Twitter friends, which have surfaced over the past few months, may lead to a malicious “backdoor trojan,” according to security analysts.

A typical malicious message might include the following text: “lol u didnt se them taping u.” The message may also include a link to Facebook. Shorthand and typos are common in these messages. Other variations include, “your in this [link] lol” and “lol ur famous now [link].”

The infected messages have become quite prevalent on Twitter, Sophos analyst Graham Cluley wrote on Sophos’ Naked Security blog.

Upon clicking one of these links, the user sees a video player with the message “An update to Youtube player is needed.” Users are asked to download the player (FlashPlayerV10.1.57.108.exe) but, of course, it is actually Troj/Mdrop-EML, a backdoor Trojan that can replicate itself to accessible drives and network shares.
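A defender can turn the two observable traits described above, the lure wording plus a link and a "player update" executable served from a non-vendor host, into a simple triage heuristic. The sketch below is an added example, not code from the article or from Sophos; the function names, the trusted-host allowlist, and all sample messages and URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://\S+", re.I)
# Second-person shorthand seen in the reported lures ("u", "ur", "your").
SECOND_PERSON = {"u", "ur", "your"}
# Executable whose name poses as a media player, e.g. FlashPlayerV10.1.57.108.exe
FAKE_PLAYER_RE = re.compile(r"player[\w.\-]*\.exe$", re.I)
# Assumption: hosts allowed to serve player installers; tune per environment.
TRUSTED_HOSTS = {"adobe.com"}

def dm_is_lure(text):
    """True when a DM pairs 'lol' + second-person shorthand with a link."""
    words = set(re.findall(r"[a-z']+", URL_RE.sub(" ", text).lower()))
    has_link = bool(URL_RE.search(text))
    return has_link and "lol" in words and bool(words & SECOND_PERSON)

def download_is_fake_player(url):
    """True when a player-named .exe is fetched from an untrusted host."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    trusted = any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)
    filename = parsed.path.rsplit("/", 1)[-1]
    return bool(FAKE_PLAYER_RE.search(filename)) and not trusted

# Constructed sample data (the lure wording follows the article's examples).
SAMPLE_DMS = [
    "lol u didnt se them taping u http://example.test/v",
    "your in this http://example.test/a lol",
    "lol ur famous now http://example.test/b",
    "are you coming to lunch? https://example.org/menu",
    "lol that talk was great",
]
SAMPLE_DOWNLOADS = [
    "http://example.test/dl/FlashPlayerV10.1.57.108.exe",
    "https://download.adobe.com/FlashPlayer.exe",
    "http://example.test/report.pdf",
]

def triage(dms, downloads):
    """Return the DMs and download URLs that deserve a closer look."""
    return ([d for d in dms if dm_is_lure(d)],
            [u for u in downloads if download_is_fake_player(u)])

if __name__ == "__main__":
    flagged_dms, flagged_urls = triage(SAMPLE_DMS, SAMPLE_DOWNLOADS)
    for item in flagged_dms + flagged_urls:
        print("FLAG:", item)
```

The DM check is a coarse filter that will also match some harmless messages, so its hits are better used to prioritise review than to block automatically.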

This type of Twitter spam is hardly a new development. Phishing emails that purport to come from Twitter support and include a malicious link are another way hackers have targeted Twitter users.

Twitter, however, is not alone: Facebook has also had some major issues with spam and phishing.

An example, from CNET:

“Last year, spam-artist Sanford Wallace was accused of breaking into 500,000 accounts to send 27 million spam e-mails on the social network. Even though Wallace surrendered to the FBI, Facebook users still receive copious amounts of spam. Last month, the social network announced a new attempt to curb the practice by launching a select e-mail address,, where users can send the social network notices of phishing.”

It is currently unknown who is behind this malware. It is also unclear, according to CNET, whether Twitter is doing anything to put the kibosh on it.
