13 December 2010

Twitter Worm Spreading Through Google Link

Malware is being distributed through the microblogging site's mobile app and URLs generated by the Goo.gl shortening service. The Twitter bird has become infected by a worm that is being spread via the link goo.gl/R7f68 and, perhaps, others.

A large number of messages are appearing on the popular microblogging site, according to a number of reports. Some unwitting users who click on the link are sent to the website of French furniture seller Artcan Developpement, which apparently has been hacked, then are redirected to various sites filled with malware scripts, Mashable said.

"We're aware and have sent out password resets for affected users. We'll monitor the situation in case of further iterations," Troy Holden, a Twitter support representative, told TechCrunch.

While some messages are coming from disposable Twitter accounts, other postings apparently are appearing from real Twitter accountholders, making it likely that the worm is spreading and sending the messages from now-infected accounts, various reports said. To date, all messages are coming from the mobile version of Twitter, according to Mashable.

On Tuesday morning, Twitter's site hummed with warnings in multiple languages, as accountholders warned followers not to open links ending in R7f68. But since the worm is only a few hours old, the format could quickly change, The Next Web warned. Indeed, TechCrunch reported it found the worm was being spread via http://goo.gl/od0az.

"What we've been able to learn is that the worm seems to be either creating or using a number of spam/newer accounts," The Next Web reported Tuesday morning. "That said, a few influentials have also tweeted the URL."

The R7f68 URL -- shortened using Google's goo.gl website-abbreviation service -- is sometimes part of a message stream: "Just found the easiest way to track who follows and unfollows you -- http://goo.gl/kLE5M," The Next Web said. But in some cases the link appears without this comment, reports said.

In addition, The Next Web cautioned Twitter users against postings that advertised a service called Fllwrs, and recommended that users revoke access to their Twitter site if such a posting appears.

Social media is increasingly becoming an attractive target for cybercriminals. Malware -- such as bots that launch spam and denial of service attacks, keyloggers and backdoor Trojan viruses designed to steal confidential data -- is a file or application that is downloaded from a website or computer that has properties that are involuntary and malicious. In September, Twitter halted a malware attack that spread malicious messages using cross-site request forgery.

The above article was originally published at: http://www.informationweek.com/story/showArticle.jhtml?articleID=228600140

For all your IT related security issues, feel free to contact us at Farend.