
Jonathan Leopando
Technical Communications
Trend Lab

Earlier today Rik Ferguson at the Countermeasures blog posted about a new malware threat that came from Twitter. The details are in his post, but the short version is as follows: Somehow, the Twitter account of noted venture capitalist Guy Kawasaki was compromised and a malicious tweet was posted. It came with a link that claimed to connect to a free download of the latest Hollywood sex tape, one belonging to the actress from the TV series Gossip Girl, Leighton Meester. While the tape may be real and quite timely, the link wasn’t: after making the user jump through a few hoops, he/she ends up being asked to download… what else but a malicious file.

If this all sounds a little familiar, it should be. It has been said that sex sells, and, in this case, it does so particularly well. In addition, because it was seen on the Twitter feed of a fairly reputable person, Guy Kawasaki, people would think it wasn’t necessarily malicious.

Somewhat uniquely, both Mac and Windows users are affected by this threat. Mac users automatically download OSX_JAHLAV.B while visiting malicious sites. This arrives as cold-live7000.dmg, a disk image file that contains an INSTALL.PKG file, which in turn contains the preinstall and preupgrade files, both detected as UNIX_JAHLAV.A. Executing the INSTALL.PKG file displays a message prompting the user to click Continue to finish installing the software (or, rather, the malware) while it connects to the IP address {BLOCKED}.102.{BLOCKED}.106 to download and execute additional components in the background.

Windows users, on the other hand, download TROJ_JAHLAV.B. As with its OS X counterpart, this can be unknowingly downloaded by users while visiting malicious sites. And like the former, it also displays a graphical user interface (GUI) to hide its execution, which can be triggered by clicking any button. It then connects to a site where it downloads TROJ_ALLUREON.AME, which exhibits malicious routines on the affected system.

Fortunately, through the Trend Micro Smart Protection Network, all malicious sites are blocked and all related malware are detected. Thus, users need not worry about being infected.

Users should always be careful about the sites they visit, even if the link comes from a safe source, lest they suffer the same fate as the proverbial curious cat.
