Twitter being used to distribute malware

Last week, when I wrote about Aviv Raff's auto follow-me vulnerability on Twitter, I warned that it was only a matter of time before we see nasty social engineering (malware) attacks on the popular microblogging service.

Well, it's here.

Malware hunters at Kaspersky Lab (my employer) are seeing early signs that Twitter is now clearly big enough to be a distribution mechanism for malicious software.

In this case, a Twitter profile has started sending links with lures to a pornographic video of Brazilian pop star Kelly Key (photo above). Kaspersky Lab's Dmitry Bestuzhev explains:

This profile has obviously been created especially for infecting users, as there is no other data except the photo, which contains the link to the video.

If you click on the link, you get a window that shows the progress of an automatic download of a so-called new version of Adobe Flash which is supposedly required to watch the video. You end up with a file labeled Adobe Flash (it’s a fake) on your machine; a technique that is currently very popular.

In reality, this is a Trojan downloader that proceeds to download 10 bankers onto the infected machine, all of which are disguised as MP3 files.

This attack technique does not require any serious programming skills.  Simply purchase some Trojans, upload them onto a Web server and create a chain of Twitter profiles following each other.  Or, even more scary, take advantage of known/unpatched auto follow-me vulnerabilities and build a large network of targets to send the malicious links.

Another big problem is the fact that search engines (Google especially) index Twitter profiles, so malicious pages built and marketed with good social engineering tactics end up high in the rankings.


Talkback

  • Interesting

    I'm wondering when a fully automated, "send a message to all your contacts pointing to a rogue URL" style attack (in the manner of an IM infection, say) is going to appear on Twitter. It happens to all the social networking sites eventually, from Orkut to Myspace, so surely it's only a matter of time before Twitter follows suit?

    Simply posting up a rogue link manually is bad enough, but if / when it becomes automatically distributed links...ouch.
    paperghost