By Joel Hruska
August 05, 2008 - 10:35PM CT

Social websites like Facebook and MySpace have attracted a great deal of attention as targets of opportunity for phishing scams, but they are scarcely the only two social networking sites.

New information suggests that hackers have tuned in to the newfound popularity of microblogging, and are at the very least evaluating Twitter as a potential target. In a blog post at Kaspersky Labs' Viruslist, Dmitry Bestuzhev describes the attack and how it functions. The Twitter profile itself was created specifically for the attack; profile information is posted in Portuguese.

There's nothing on the page but a link to a video promising hot girl action, actually clicking on the file redirects the browser and instructs the user to download a new version of Adobe Flash that's supposedly required to watch the "film." By this point, alarm bells should've been ringing if they haven't already gone off; end-users who install the fake Flash update end up with what Dmitry describes as 10 banker Trojans, all disguised as MP3 files.

Based on information in the profile, the location of the web servers, and the e-mail the malware program sends, he believes this attack originated in Brazil—though it's virtually impossible to be 100 percent sure. The actual payload is nothing new, and delivery requires little more than a web server and some Trojans. The threat, as is typical with phishing schemes, lies within the attack vector itself.