From Mashable.com Posted: 20 Jun 2009 10:51 PM PDT
Security sites are warning web users to beware fake Twitter invites in their email inboxes. The reports, based on an alert on Wednesday from Symantec, say the emailed invites come with a malicious attachment which, if downloaded, harvests email addresses from your computer and copies itself to removable drives and shared folders.
The emails carry the subject line “Your friend invited you to twitter!”, while the sender’s address is spoofed as “firstname.lastname@example.org”. Unlike a typical Twitter invite, however, the email contains no invitation link: instead it carries the attached file Invitation Card.zip, tempting the receiver to download it. The attachment, of course, contains W32.Ackantta.B@mm – a nasty, email address-harvesting worm.