Close on the heels of the attacks against LinekdIn and Yahoo, it is now social networking giant Twitter’s turn to be in the line of fire. Security firm Sophos reveals that the social networking site now spawns widespread spam attacks linked to malware.
The attack is basic in nature, exploiting users’ innate curiosity. The tweets generally read as “It’s you on photo?” or “It’s about you?” and include the victim’s Twitter handle. The URLs also have a victims Twitter handle and generally a.RU domain name. When gullible victims click on the malware infested links, they redirect to Russian websites containing the deadly Blackhole exploit kit. The Blackhole exploit kit targets vulnerabilities in Adobe Reader and Shockwave Flash allowing hackers to compromise the system. Hackers can use such systems as part of a botnet and eke out any valuable information contained in such systems. The accounts from which such messages emancipate have already been compromised by the hackers.
Twitter has acknowledged the fact that someone somewhere is using the platform to spam and spread malware but remains at a loss to find out who and why.
In the meantime, basic precautions such as keeping the antivirus software updated and updating patches to the operating system and software installed on the system on a regular basis, suffices to ward off this threat. Of course, the best precaution is to think twice before clicking on any Twitter links. This plus always remembering the golden rule: “If someone sends you a tweet, it is either spam or exploit, or both.” Letting curiosity pass is way better than becoming a part of some botnet.