Attackers took to Twitter on Monday to spread malware via links pointing to what they claimed was an update to the popular microblogging client TweetDeck.
A number of updates were sent from hacked Twitter accounts urging users to download a file called “tweetdeck-08302010-update.exe.”
The tweets began with phrases, such as “Hurry up for tweetdeck update!” or “Download TweetDeck udate ASAP!,” and included a URL beginning with http://alturl.com/.
The links, however, did not lead to a legitimate TweetDeck update, but instead brought users to a trojan, Graham Cluley, senior security researcher at Sophos, wrote in a blog post Tuesday.
Some of the malicious tweets referenced the U.K.’s national Bank Holiday, which occured on Monday. The tweets read, “Critical tweetdeck update Bank Holiday” and “Update TweetDeck! Bank Holiday.”
“TweetDeck itself is a British company and mention of the Bank Holiday might lead one to suspect that the bad guys behind this attack are also based in the U.K.,” Cluley wrote.
TweetDeck has issued a warning about the fake update and urged users against downloading it. All TweetDeck updates should be downloaded from the company’s official website, the company said.
Meanwhile, Twitter said it is resetting the passwords for accounts delivering the bogus tweets.