Hackers tweet, infect Twitter users with scareware
'Security nightmare' arrives; hackers use exploit kit to spread fake security software
Computerworld - The latest attack to hit Twitter is a "security nightmare" and marks the first time hackers have taken to using the micro-blogging site for profit, a researcher said today.
Unlike earlier cross-site scripting attacks on Twitter, the latest wasn't a worm, said Roel Schouwenberg, a senior antivirus researcher with Moscow-based Kaspersky Labs. Instead, it's something even scarier: The first instance of hackers serving up "scareware," fake security software that, once installed, nags users with so many alerts that some fork over $50 or more just to "register" the program and get rid of the warnings.
"This is just another scareware installer," Schouwenberg said, referring to the malware that's downloaded onto victimized PCs. "There's no worm component. But it's quite significant as it's the first time that Twitter's been used for a traditional type of attack."
Over the weekend, Twitter users began receiving tweets with the phrase "Best Video" and a link to a Russian domain. Although those who clicked on the link were directed to a site with a video, they were also served a malicious PDF document via an IFRAME on that site. The PDF, said Schouwenberg, contains a number of exploits, and tries each in turn. If it's able to compromise the computer using one of those exploits, the malware then installs phony security software.
Twitter's not able to remove any malware installed by the attacks, of course, leaving that chore up to users.
Schouwenberg's sure that Twitter's talk of cleaning accounts was a smokescreen, as unlike attacks in April, this one wasn't a worm. "There was no self-replicating code in the binary," he said. Instead, Schouwenberg believes that the malicious tweets were sent from Twitter accounts whose log-on credentials had been hijacked previously by basic phishing-style scams.
"When I first saw this Saturday night, I thought of the Twitter phishing attack, which was quite high profile," said Schouwenberg. "Phishing always has a greater purpose ... so when all of a sudden you see a new 'worm' but there's no worm component [in the attack code], it's clear that this was based on compromised accounts, rather than self-replicating."
Schouwenberg also found the links in the malicious tweets on multiple Web forums, giving credence to his theory that hijacked accounts were used to launch the scareware attack.
Twitter users should expect to see more such attacks, Schouwenberg said. "The whole idea of Twitter is to click on links," he said. "It's a security nightmare."
- 5 Twitter clients for Linux
- Twitter brings the data back in-house with Gnip buy
- Twitter crashed -- again -- on Tuesday
- Twitter's slipping user growth spooks investors
- Get ready to tweet your questions for Twitter's first earnings call
- Super Bowl sets Twitter record, as Volkswagen launches social war room
- Perspective: Twitter's success opens up IPO pipeline
- Update: Twitter goes public at $45 a share
- With IPO cash influx, Twitter could be bigger threat to Facebook
- Ahead of IPO, Twitter shines up multimedia image
Read more about Security in Computerworld's Security Topic Center.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!