“The majority of the accounts pushing these things are clearly fake, using gathered Twitter handles to launch the barrage of malicious spam at the Twitterverse,” wrote Adam Kujawa of Malwarebytes in a blog post.
“one user had over 500 followers and tweeted nothing more than a shortened URL that looked like it might be coming from Linkedin”
“Clicking the “Install” button will offer the user the option to download the flash player files, when accepting they are provided with a RAR file that includes four files: The two DLLs and ReadMe.htm file all appear legitimate, however the Install_Adobe_Flash_Player.exe (third one down) is not so harmless. Upon launching it, the file itself is relocated to the systems Temp folder and made hidden.”
“According to my own dynamic analysis, the malware creates an establish connection with a remote server and drops additional malware, such as the “notepad.exe” that is found in the Temp folder and beaconing out to the same remote server as the initial Install file,” wrote Adam.