Twitter knocked offline by DDoS attack; Koobface returns with a twist
Popular microblogging service Twitter was knocked offline for an extended period this morning by what appears to be a massive distributed denial-of-service attack. Twitter confirmed the outage was linked to malicious attackers in a brief status message posted around 11:00 a.
The denial-of-service attack coincides with the launch of a new Koobface malware run using Twitter messages as a distribution vector for fake security software (scareware).
According to Kaspersky Lab's Stefan Tanase (see important disclosure), the new wave of Koobface attacks includes a change in tactics. The hackers are now using a well-designed Facebook lookalike page and unique Twitter messages to trick Windows users into downloading scareware programs.
A user clicking on a malicious link in Twitter is presented with a fake Facebook page with what purports to be an embedded video file.
The target is presented with an Adobe Flash Player upgrade message but this too is fake and dangerous. If the user attempts to apply the Flash Player update, the machine is infected with rogue security software that badgers the user into paying for a disinfection tool.
The latest wave of Koobface links is bypassing the Google Safe Browsing API that's now being used by Twitter to filter out malicious links.
This week everyone's been talking about how Twitter started to use the Google Safebrowsing API to block tweets containing malicious URLs. It is definitely going to stop some attacks, but as we're seeing with the current attack, it won't eradicate the problem completely. It's clearly a step forward, but a single swallow doesn't make a summer.
Kaspersky's Tanase has identified about 100 unique IP addresses hosting Koobface malware executables.
Facebook and FriendFeed were also suffering through minor outages this morning. It is not yet clear if this is related to Twitter's problems.