Guy Kawasaki's Twitter account hijacked, pushes Windows and Mac malware

Summary: The Twitter account belonging to venture capitalist and Mac evangelist Guy Kawasaki was hijacked yesterday and used to push malware to some 140,000 Twitter users. The attack (screenshot above) included a link to what purported to be a "sex tape video free download" linked to Gossip Girls star Leighton Meester but, after a series of clicks, the end result was a malicious Trojan.

[ SEE: Coming in July: Month of Twitter Bugs ]

Kawasaki would later apologize but, as Trend Micro's Rik Ferguson explains, the damage was significant for any of his tens of thousands of followers.

In this case, following the link would be a Very Bad Idea because it will lead you to a malicious website designed to infect both Macs and PCs with a DNS-changing Trojan which at the time of writing has low to non-existent detection rates by security vendors...

On Windows machines, a user falling for the bait gets to a series of Web pages featuring pornographic content and, at the end, a prompt to update a video codec. That fake codec is a piece of malware.

On the Mac platform, Intego reports that the download is a disk image called ActiveXsetup.dmg. Here's the end result:

This Trojan horse, a form of DNSChanger, uses a sophisticated method, via the scutil command, to change the Mac's DNS server (the server that is used to look up the correspondences between domain names and IP addresses for web sites and other Internet services). When this new, malicious DNS server is active, it hijacks some web requests, leading users to phishing web sites (for sites such as eBay, PayPal and some banks), or simply to web pages displaying ads for other pornographic web sites. In the first case, users may think they are on legitimate sites and enter a user name and password, a credit card, or an account number, which will then be hijacked. In the latter case, it seems that this is being done solely to generate ad revenue.
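Because the payload Intego describes works by rewriting the Mac's resolver configuration, the simplest defender-side check is to audit the resolvers the system actually reports and flag any that are not on an expected list. The script below is an added example, not code from the article, Intego or Trend Micro: it parses the `nameserver[N]` lines of `scutil --dns` output (the live system where `scutil` exists, or a captured dump passed as an argument) and compares them against an allowlist. The allowlist and the sample `scutil --dns` text are constructed; 203.0.113.7 (a TEST-NET-3 documentation address) stands in for a rogue resolver.

```shell
#!/bin/sh
# Added example: audit macOS DNS resolvers (from `scutil --dns`) against an allowlist.
# A DNSChanger-style Trojan that swaps the resolver shows up as an unexpected
# "nameserver[N] : <addr>" entry. Allowlist and sample output are constructed.

# Assumption: these are the resolvers you expect on this host (edit for your network).
ALLOWED_RESOLVERS="192.168.1.1 8.8.8.8"

# Constructed, abridged `scutil --dns` dump; 203.0.113.7 plays the rogue resolver.
SAMPLE_SCUTIL_DNS='DNS configuration

resolver #1
  nameserver[0] : 203.0.113.7
  nameserver[1] : 192.168.1.1
  if_index : 4 (en0)
  flags    : Request A records
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #2
  domain   : local
  options  : mdns
  timeout  : 5
  flags    : Request A records
  reach    : 0x00000000 (Not Reachable)
  order    : 300000
'

# Read scutil --dns text on stdin and print each unique resolver address.
extract_resolvers() {
    sed -n 's/^[[:space:]]*nameserver\[[0-9]*\][[:space:]]*:[[:space:]]*//p' | sort -u
}

# Print every resolver not in $ALLOWED_RESOLVERS; return 1 if any was found, 0 otherwise.
find_rogue_resolvers() {
    rogue=0
    for ns in $(extract_resolvers); do
        case " $ALLOWED_RESOLVERS " in
            *" $ns "*) ;;                                   # expected resolver, nothing to report
            *) echo "unexpected DNS resolver: $ns"; rogue=1 ;;
        esac
    done
    return $rogue
}

# Audit a captured dump passed as $1, or the live system when scutil is available.
# Returns 0 (clean), 1 (unexpected resolver found) or 2 (nothing to audit).
audit_dns() {
    if [ -n "$1" ]; then
        printf '%s' "$1" | find_rogue_resolvers
    elif command -v scutil >/dev/null 2>&1; then
        scutil --dns | find_rogue_resolvers
    else
        echo "scutil not available; nothing to audit" >&2
        return 2
    fi
}

# Run against the constructed sample; on a Mac, call audit_dns with no argument instead.
audit_dns "$SAMPLE_SCUTIL_DNS"
```

On a real machine the check is only as good as the allowlist, so pair it with whatever your network legitimately hands out over DHCP; a resolver that is correct in the office is unexpected at home. The exit code makes it easy to run from a periodic job and alert on a non-zero result.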

It is not yet known how Kawasaki's Twitter account was compromised, but there is speculation in security circles that he fell victim to a Twitter phishing attack that swiped his password.

It is clear that Twitter's popularity is now at the stage where it is ripe for these types of targeted attacks.

Topics: Malware, Apple, Browser, Hardware, Security, Software Development, Social Enterprise

Talkback

65 comments
  • More details about severity of attack

    [i]On Windows machines, a user falling for the bait gets to a series of Web pages featuring pornographic content and, at the end, a prompt to update a video codec. That fake codec is a piece of malware.[/i]

    Hmm, sounds like significant user interaction is required for this to work on Windows. Good to know!

    [i]On the Mac platform, Intego reports that the download is a disk image called ActiveXsetup.dmg.[/i]

    This is far more worrisome since the default configuration of Safari will silently (without user interaction), mount downloaded disk images! From the sounds of this, OS X users can get infected with far less user interaction than is required on Windows.
    NonZealot
    • I'm OS X stupid...

      but doesn't changing TCP/IP parameters in OS X trigger a password prompt?

      JoeMama_z
      • Several privilege escalation attacks

        http://www.macrumors.com/2006/11/21/multiple-security-vulerabilities-found-in-apples-disk-image-software/

        [i]The first vulnerability, rated "highly critical" by security-firm Secunia, can lead to privilege escalation, denial of service, and system access by a remote user (if Safari's open "safe" files option is checked).[/i]

        I'm not sure if that particular vulnerability was fixed but there have been several more found. I don't think anyone can say with any real confidence that there are no more privilege escalation vulnerabilities in OS X's disk image mounting routines.

        This is truly quite alarming and you would be doing your OS X using family and friends a [b]huge[/b] favor by telling them to install AV software and start using a safer browser like Firefox.
        NonZealot
        • Mac OS X will not...

          launch a downloaded app without the user OKing it first, nor will it
          change system settings without an admin name and password. But at
          this point the user has already done a number of stupid things...so who
          knows...perv
          CowLauncher
          • Factually incorrect

            [i]Mac OS X will not...launch a downloaded app without the user OKing it first[/i]

            The default settings in Safari most certainly will launch "safe" apps without a user OKing it first.

            [i]nor will it change system settings without an admin name and password[/i]

            It most certainly will if the code is running with elevated privileges and OS X's disk mounting routines have had many privilege escalation vulnerabilities in them.

            [i]But at this point the user has already done a number of stupid things...so who knows...perv [/i]

            Are you blaming the user for this one then?
            NonZealot
          • No...

            [i]"The default settings in Safari most certainly will launch "safe" apps
            without a user OKing it first."[/i]

            No. First it'll warn that the disk image contains an application and ask
            if you want to continue. Then after it mounts the disk image, it'll warn
            a second time that the application was downloaded from the internet.

            I do agree that it is the single [i]dumbest[/i] feature, and I don't know
            why the hell Apple keeps it there.

            [i]"It most certainly will if the code is running with elevated privileges
            and OS X's disk mounting routines have had many privilege escalation
            vulnerabilities in them."[/i]

            Except it isn't.

            [i]"Are you blaming the user for this one then?"[/i]

            Yes.
            olePigeon
          • Whats with all these OSX warnings? It sounds worse than Vista!!

            If I am correct, it seems to me the Mac pundits have been having a heyday the last couple of years crowing about how much people hate Vista because of excessive warnings. Seems to me if it's correct that OSX has all the warnings you speak of that Mac users must hate OSX with an absolute passion if warnings are a problem for users.
            Cayble
          • @Cayble

            [i]Seems to me if it's correct that OSX has all the warnings you speak of that Mac users must hate OSX with an absolute passion if warnings are a problem for users.[/i]

            [b]You are coming to a sad realization. Cancel or Allow?[/b]

            :)
            NonZealot
    • NonZealot

      Bro, for your sake and sanity...

      Put the mouse aside, step away from the computer, exit your parent's
      basement, walk out doors to the bright light (that shiny thing up in the sky
      is called the sun) and do something other than posting to ZDNet forums.

      What else do you do? Do you get paid per word, or do you live in a bubble?
      Are you, in fact, simply a bored bubble boy?!?

      I read the stories and blog entries that interest me and post a response if I
      want and then I MOVE ON!!!

      Does any of this matter THAT much?

      Get a life already... :-(
      macpipkin
    • Nonzi, you're clueless...

      You're wrong on this one. Every time I download a .dmg file and try to open it, it reminds me it's a download from the internet AND may contain malicious code. Also, to install a new program, I have to type my admin. password.

      Hile!
      GSavage777
      • You get multiple Cancel or Allow prompts?

        You are about to read something that isn't 110% full of glowing praise for OS X. Would you like to Cancel or Allow?

        You get multiple Cancel or Allow prompts? Even worse, one of those Cancel or Allow prompts requires you to enter your username and password? And Apple was poking fun at [b]Vista[/b] for being annoying?!?!
        NonZealot
  • Is OS X losing its "safety" advantage?

    With countless mega-patches and 2 straight losses at PWN2OWN, we always knew that OS X wasn't any more "secure" than Windows but considering few bothered to take advantage of these countless holes, OS X users felt quite safe. Is that advantage disappearing?

    On the one hand, this could be celebrated as proof that OS X's marketshare has grown big enough to start making it a juicy malware target. On the other hand, "safety" used to be a big selling feature of OS X. With that feature disappearing fast, there is much less reason for the less security conscious members of the computing world to switch. Note that security conscious computer users have never needed to switch for safety and security which is why I specifically mention the less computer savvy members of our population.

    Very interesting times indeed!
    NonZealot
    • Is OS X losing its "safety" advantage?

      Lost it long ago technically - particularly with the switch to the x86 architecture. For all operating systems now the real danger is in 3rd party apps and social engineering with the latter being the big one.
      DougAlder
      • Interesting

        because Intel x86 processors support hardware DEP and PowerPC chips don't as far as I'm aware.
        Of course if OS X doesn't use it then it won't make any difference.
        jdbukis
        • I think the point was ...

          ... that since Apple have moved to the x86 chipset the hackers can now target one CPU instruction set rather than two. This makes it easier for the hackers.
          de-void-21165590650301806002836337787023
    • It never had an advantage to begin with

      Security was always more lax on Macs because the
      botnet herders target Windows.
      georgeou
  • Clicking through links on a pornographic website...

    and then downloading a codec. It would take some real stupidity to compromise your computer.

    OS X has stripped out a lot of what made BSD a secure system for the sake of a "user friendly" environment, as Win 7 now does with the idiotic default UAC settings.
    urbandk
    • Just like seat belt law

      Why was it that seatbelts were in cars for years and years before they really started having an effect? Because it became law. UAC is similar. At first it's annoying and uncomfortable. After a few weeks you don't even notice it is there anymore.

      People want to blame everyone else for them not taking the time to protect themselves and pay a little bit of attention. You click through all those links and blindly accept installs and blame Microsoft (or Apple) for your own stupidity. If I went and bought a guitar and got home and couldn't play, could I sue?
      LiquidLearner
  • The first sophisticated OSX attack

    This marks the first time an attacker actually put some effort into exploiting OSX.

    Until now the attacks have been half-hearted and somewhat amateurish (a fake codec just doesn't play in the same league as most of the established stealthy Trojan attacks).

    This could be significant if one of the established criminal groups have turned their attention to OSX. Then mac users (and Apple) are in for some tough learning.
    honeymonster
    • This is not the first OSx attack...

      This is not the first sophisticated OSx attack, and it will definitely not be the last.

      ANY computer is a viable target. In the latest Black Hat conventions, the coveted security for Macs and Linux were compromised in minutes. Vista, for those so inclined, took much longer, but was still compromised.

      Don't EVER buy a computer with the thought that you are safe. You're only as safe as your computing habits. First, back up and back up often to multiple sources. Second, be ready to dump everything and start fresh. Last, use a little common sense.

      If you are ready to handle total meltdown, then you are ready to use a computer.
      Narg