Twitter knocked offline by DDoS attack; Koobface returns with a twist

Popular microblogging service Twitter was knocked offline for an extended period this morning by what appears to be a massive distributed denial-of-service attack.

Twitter confirmed the outage was linked to malicious attackers in a brief status message posted around 11:00 a.m. EST.

We are defending against a denial-of-service attack, and will update status again shortly.

Update: the site is back up, but we are continuing to defend and recover from this attack.

Here's a chart from Arbor Networks showing how the DDoS attack affected Twitter:

The denial-of-service attack coincides with the launch of a new Koobface malware run using Twitter messages as a distribution vector for fake security software (scareware).

According to Kaspersky Lab's Stefan Tanase (see important disclosure), the new wave of Koobface attacks includes a change in tactics.  The hackers are now using a well-designed Facebook lookalike page and unique Twitter messages to trick Windows users into downloading scareware programs.

This Twitter Search shows examples of the attacks underway.

A user clicking on a malicious link in Twitter is presented with a fake Facebook page with what purports to be an embedded video file.

The target is presented with an Adobe Flash Player upgrade message but this too is fake and dangerous. If the user attempts to apply the Flash Player update, the machine is infected with rogue security software that badgers the user into paying for a disinfection tool.

The latest wave of Koobface links is bypassing the Google Safe Browsing API that's now being used by Twitter to filter out malicious links.

This week everyone's been talking about how Twitter started to use the Google Safebrowsing API to block tweets containing malicious URLs. It is definitely going to stop some attacks, but as we're seeing with the current attack, it won't eradicate the problem completely. It's clearly a step forward, but a single swallow doesn't make a summer.

Kaspersky's Tanase has identified about 100 unique IP addresses hosting Koobface malware executables.

Facebook and FriendFeed were also suffering through minor outages this morning.  It is not yet clear if this is related to Twitter's problems.

Topics: Security, Social Enterprise

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
