ZDNet's own Ryan Naraine reports in his Zero Day security blog that Mac evangelist Guy Kawasaki's Twitter account was hijacked yesterday and was used in an attempt to distribute malware to his almost 140,000 followers.
The attack (screenshot above) included a link to what purported to be a “sex tape video free download” linked to Gossip Girl star Leighton Meester but, after a series of clicks, the end result was a malicious Trojan.
Trend Micro’s Rik Ferguson adds that the payload at the end of the mal-Tweet was especially dangerous to both PCs and Macs:
In this case, following the link would be a Very Bad Idea because it will lead you to a malicious website designed to infect both Macs and PCs with a DNS changing Trojan which at the time of writing has low to non-existent detection rates by security vendors…
Luckily, the offending tweet reeked so badly of SPAM that it probably limited the scope of its damage.
If the hacker had been a little more nefarious and used the account to Tweet things in a more Kawasaki-like way, e.g. "7 Sneaky (and useful) ways to use Twitter search", the damage could have been much more extensive. In fact, Kawasaki's use of team-Twittering could have allowed a rogue Tweeter to fly under the radar for quite a while.
Now would probably be a good time to change your Twitter password. You know, just in case.