CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
December 7th, 2010

Compromised Twitter Accounts Spread Links to Malware Downloads

It appears that a new worm is spreading by hijacking Twitter accounts and using them to advertise links to a drive-by download website. The attack starts with goo.gl shortened URLs being sent by users whose computers have already been infected by the new threat.

The links get changed as soon as Google suspends them for abuse. One goo.gl URL pointed to a page hosted on a compromised website belonging to a French furniture manufacturing business.

This page takes visitors through several redirects and eventually lands them on a drive-by download site that tries to exploit vulnerabilities in outdated versions of Java and Adobe Reader.

According to various reports, in addition to the compromised .fr website, an .it one has also been observed, which ironically belongs to a firm offering computer repair services. An interesting aspect about these websites is that both of them are entirely designed in Flash. We’re not sure at this point if this is just a coincidence or a pattern.

There is still no detailed analysis of the malware installed in case of successful exploitation. However, it’s pretty clear that it can hijack the Twitter accounts of people using the infected computers.

The rogue messages are sent through Twitter’s mobile site instead of the main Web interface, but this is probably done by attackers for convenience reasons. The behavior of hijacking accounts like this is reminiscent of the Koobface social networking worm, which also targeted Twitter in the past. However, at this point this is only speculation.

According to TechCrunch, Twitter is aware of the attack and is actively resetting the passwords of the compromised accounts.

Users are advised to be suspicious of goo.gl links that are posted with no other message attached; although this behavior might change.

Credit: Softpedia.com News

Share this item with others:

More on CyberInsecure:
  • Twitter Micro-blogging Compromised Accounts Spread Koobface Worm
  • Twitter Users Hit Once Again, This Time With Rogue Anti-virus Scam
  • Spam From 750 Compromised Twitter Accounts Invited Users To Visit Porn Website
  • Twitter Confidential Information Exposed After Twitter Administrator Accounts Breach
  • Tweeter Support Compromised By Hackers, 33 Accounts Hijacked And Temporarily Suspended

    • Posted in Malware, Social Networks, Spam, Trojans & Worms | Print This Post Print This Post

    This entry was posted on Tuesday, December 7th, 2010 at 5:58 am and is filed under Malware, Social Networks, Spam, Trojans & Worms. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Compromised Twitter Accounts Spread Links to Malware Downloads

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »