
Twistcosm.com

Posted: February 14, 2012

Twistcosm.com is a website that's used to install malicious software via multi-step attacks, with a payload that potentially includes banking Trojans and other forms of spyware. These attacks are coordinated through mass-mailed fake EPA e-mail messages that include malicious file attachments which, once opened, use both Cooldcloud.com and Twistcosm.com to install other PC threats. Some exploits from these sites have been found to be specific to Windows XP or Server 2003, but SpywareRemove.com malware researchers warn that associated PC threats such as Gameover Trojan are able to function in most types of Windows environments. Twistcosm.com attacks can be avoided by avoiding contact with Cooldcloud.com and file attachments from related spam e-mail, but if your PC has been exposed to Twistcosm.com recently, you should scan your PC for high-level threats and take steps to secure personal information, particularly information that's related to online accounts or banking finances.

Why You Should Get Yourself in a Twist Over Files from Twistcosm.com

Twistcosm.com doesn't serve any significant function other than hosting malicious software, such as Trojans and spyware, that is accessed and installed by other PC threats. These attacks are carried out through fraudulent Electronic Payments Association e-mail messages that prompt you to download and view an attached Word document. This 'Word document' is, in reality, a specially crafted malicious file that downloads PC threats from Cooldcloud.com and Twistcosm.com and installs them onto your PC without your permission. SpywareRemove.com malware researchers recommend that you delete any e-mail message that resembles the following examples:

Date: Mon, 12 Feb 2012 08:16:16 -1100
From: 'The Electronic Payments Association'
Subject: ACH transfer rejected
Attachments: nacha_logo.jpg

The ACH transfer (ID: 1366285882700), recently initiated from your bank account (by you or any other person), was rejected by the other financial institution.

Rejected transaction
Transaction ID: 1366285882700
Rejection Reason See details in the report below
Transaction Report report_1366285882700.doc (Microsoft Word Document)
13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171
2011 NACHA – The Electronic Payments Association

Date: Mon, 12 Feb 2012 19:06:12 +0000
From: 'The Electronic Payments Association'
Subject: ACH transfer rejected
Attachments: nacha_logo.jpg

The ACH transaction (ID: 9485030409966), recently sent from your checking account (by you or any other person), was canceled by the Electronic Payments Association.

Canceled transfer
Transaction ID: 9485030409966
Rejection Reason See details in the report below
Transaction Report report_9485030409966.doc (Microsoft Word Document)
13450 Sunrise Valley Drive, Suite 100
Herndon, VA 20171
2011 NACHA – The Electronic Payments Association

If you choose to follow the instructions of this fake EPA e-mail, your computer will be attacked by multiple PC threats from both Twistcosm.com and Cooldcloud.com, some of which achieve access by exploiting Windows XP and Windows Server 2003 vulnerabilities. However, the associated PC threats, such as Gameover Trojan, are likely to be able to operate in most versions of Windows, although they may pose minimal danger to other operating systems. Due to this risk, SpywareRemove.com malware experts recommend that you assume that your computer is infected by high-level PC threats if you've had any contact with Twistcosm.com or opened an e-mail file attachment from spam like the examples above.
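The traits shared by the two sample messages above (the subject line, the sender display name, a report file named after the transaction ID, and a Date header whose weekday does not match the calendar date, since 12 Feb 2012 was a Sunday) can be checked mechanically. The following Python sketch is an added example, not part of the original article; the sender addresses, the benign message and the function name `lure_indicators` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]

# Constructed samples; LURE follows the first quoted message (placeholder sender).
LURE = """\
Date: Mon, 12 Feb 2012 08:16:16 -1100
From: "The Electronic Payments Association" <sender@example.com>
Subject: ACH transfer rejected

The ACH transfer (ID: 1366285882700), recently initiated from your bank
account (by you or any other person), was rejected.
Transaction Report report_1366285882700.doc (Microsoft Word Document)
"""

BENIGN = """\
Date: Tue, 14 Feb 2012 09:00:00 +0000
From: "Accounts Team" <billing@example.org>
Subject: February invoice

Your invoice for February is attached.
"""

def lure_indicators(raw):
    """Return the names of the lure traits found in one raw message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    hits = []
    if "ach transfer" in msg.get("Subject", "").lower():
        hits.append("subject")
    if "electronic payments association" in msg.get("From", "").lower():
        hits.append("display_name")
    # The report file name reuses the transaction ID quoted in the body.
    m = re.search(r"\(ID: (\d+)\)", body)
    if m and f"report_{m.group(1)}.doc" in body:
        hits.append("report_filename")
    # The Date header names a weekday that the calendar date does not fall on.
    date_hdr = msg.get("Date", "")
    try:
        actual = DAYS[parsedate_to_datetime(date_hdr).weekday()]
        if date_hdr[:3] in DAYS and date_hdr[:3] != actual:
            hits.append("weekday_mismatch")
    except (TypeError, ValueError):
        pass
    return hits

if __name__ == "__main__":
    print(lure_indicators(LURE), lure_indicators(BENIGN))
```

A single trait on its own, such as the subject line, can appear in legitimate mail; the combination of several is what marks a message for quarantine or review.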

Straightening Out a Case of Twistcosm.com Attacks

Since banking Trojans like those that are propagated by Twistcosm.com and its affiliates may show minimal symptoms of their presence, SpywareRemove.com malware analysts recommend that you use anti-malware software to detect and remove any possible infection related to contact with Twistcosm.com. Likely payloads such as Gameover Trojan may, prior to their removal, attempt to steal passwords and other forms of sensitive information by using keylogging attacks or other forms of covert monitoring. This danger calls not only for prompt use of good anti-malware scanners, but also for appropriate changes to your account information to prevent any future attacks from criminals who are involved with Twistcosm.com attacks.

You may be able to identify the potential presence of covert PC threats (such as spyware) by monitoring your RAM and CPU usage from Task Manager. If PC threats from Twistcosm.com attempt to block your security software, SpywareRemove.com malware experts note that using Safe Mode or booting into an alternative OS should circumvent their startup routines and allow you to scan your computer.
