Australian twitterati talks malware

It was inevitable that micro-blogging service Twitter would become infested with malware, according to a number of high-profile Australian users of the service.
Written by Renai LeMay, Contributor

It was inevitable that micro-blogging service Twitter would become infested with malware, according to a number of high-profile Australian users of the service.

In the last week Kaspersky Lab has uncovered a fake Twitter profile created solely for the purpose of infecting people's computers with rogue software. Security researcher Avi Raff has also launched a website devoted to Twitter security issues, named Twitpwn.

In the wake of the events, ZDNet.com.au invited high profile Australian Twitter users to comment.


(Credit: Stilgherrian.com)

"It's hardly surprising Twitter is being targeted like this," internet, IT and media consultant Stilgherrian told ZDNet.com.au this morning via email. The consultant has 418 followers and is one of the nation's most prolific twitterers.

"It happens to every new social media channel," he continued. "Indeed, it happens offline too. Once *any* community gets big enough to be worth the effort, it'll start attracting the attention of marketers like spammers, or the con-artists."

According to Stilgherrian, Twitter was particularly vulnerable to links to malware-infested websites being spread, for several reasons.

Firstly, the bad links were usually passed on by trusted friends on the service, rather than en masse (like email spam), and users could be blinded to the true destination of the links by services such as tinyurl.com, or is.gd, which shorten links so they can more easily be spread.

"And I think a significant factor is that on Twitter, people forward links to their friends *very quickly*, almost like a reflex action, sometimes even before looking at them themselves," Stilgherrian added.

Twitterer and Servant of Chaos blogger Gavin Heaton, who in his diversified career also works for SAP and has even published a book, The Age of Conversation, said Twitter had built a community that was largely based on what he called a "trust contagion".


Gavin Heaton
(Credit: Servantofchaos.com)

"This means that Twitter participants afford each other a high degree of trust," he said, "relying on the network of connections to affirm identity."

For example, Heaton said, when he was followed on Twitter by someone he didn't know, he checked their profile, their website and who else they knew online, and then determined whether he would follow them in return (although many people omitted one or more of these checks).

"The Twitter community has also created an environment of reciprocal following," Heaton said. "For many Twitter participants, this has become a form of unspoken etiquette. Unfortunately, this behaviour can open that person (and their entire network) to the type of exploitation described in your article."

Heaton said in many ways it was only a matter of time before some form of Twitter malware appeared.

Web strategist and consultant Stephen Collins, who runs local firm acidlabs and also was a contributor to Heaton's book, agreed the issue could relate to awareness. People should know not to click through to dodgy links, he posted on Twitter today.


Stephen Collins
(Credit: acidlabs)

"Why follow back someone you can't validate (I don't) and why click on their links?" he asked. "This is basic SNS [social networking] safety stuff."

Ironically, said Heaton, the best defence against the issue could come from spreading awareness, something Twitter was uniquely designed to do.

"David Armano (@armano) recently tweeted that he had been scammed by a Facebook look-alike," Heaton said. "His announcement went out to his many thousands of followers as a warning. It could well be that this trust network is the most difficult one to crack."

Renai LeMay's Twitter profile can be found here.

Editorial standards