Tag Archives: Twitter

Torrent phishing scheme trips up Twitter users

Filed under Security News

Attacker steals torrent site account passwords and attempts to access Twitter, other social networks.

If you signed up for an account on a torrent forum or website and use similar passwords for other accounts, change your passwords now. A savvy attacker is skimming passwords from the users of a number of torrent sharing sites he created, using the credentials to try to break into Twitter and other third-party sites.

Torrent sites were made popular by people who wanted to share music files in the early 2000s. The file sharing protocol enables users to “seed” files and share small pieces of large amounts of data. In the early days it was difficult for a non-technical user to tweak network settings and load a torrent file, but a set of new programs has automated that process. Today torrent files have grown more popular with users sharing files of popular movies and television shows, though the legality of this is in question.

Twitter said it detected anomalies in several Twitter accounts that had a surge in follower activity. Further investigation led to the discovery of the phishing scheme. As a precaution, Twitter temporarily suspended anyone following the suspicious accounts until they reset their account credentials.

In a post on the Twitter Status Blog, Del Harvey, Twitter’s director of trust and safety, said the hacker is suspected of building a number of different torrent sharing forums and torrent websites that require users to sign up for an account. The sites were sold to other people, but they were riddled with holes – malicious code and backdoors that enabled the hacker to skim account credentials of users who signed up for the sites he built.

This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up. Additional exploits to gain admin root on forums that weren’t created by this person also appear to have been utilized; in some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information.

Harvey warned users to change their passwords if they signed up for a torrent forum or torrent site.

Torrent sites aren’t exactly ‘new’; however, this is one of the first times that we’ve seen an attack that came from this vector. … We felt that it was important to put this knowledge out there so that users would know of the possibility of compromise of their data by a third party unrelated to their Twitter account.

The scary part of all this is that it appears that the hacker had been using the scheme for “a number of years,” according to Harvey. So if you think you may have signed up for a torrent site a number of years ago, go back and address your passwords now.

Another ongoing issue is that people use the same email address and password for multiple sites, Harvey said. Security experts have warned against doing this. A number of new password management programs are available, including some smartphone applications, that help users create a strong password and securely store it. While it may seem difficult, using them could prevent unnecessary headaches in the future.

Popular Password Management Programs:
Here are links to popular password management programs. I don’t advocate any one program. This is an area to be especially careful. Do a search for reviews to find the right one that meets your needs:

Sxipper: Firefox add-on.

Roboform: Windows-based but provides online access for Mac and Linux users.

1Password: Popular Mac-based password management.

KeePass: Open-source, lightweight password manager.

Aurora Password Manager: Windows-based with full encryption capabilities.

SplashID: Apple iPhone and RIM BlackBerry password manager.

eWallet: iPhone password manager.

Ascendo DataVault: Supports RIM BlackBerry, Apple iPhone and Windows desktops.

Google’s new link-shortening service comes with security concerns, like the rest

Established link-shortening services like bit.ly and TinyURL are waiting to see the reaction from the tech world, now that search giant Google has launched its own link-shortening service, for use with microblogging sites like Twitter.

Twitter's 140-character-per-post limit makes posting longer URLs impractical, so link-shortening services have sprung up to break them down into bite-sized chunks. However, experts say that the renamed links can be a security problem, since they give no indication as to what content they lead to and the services themselves do not use robust web filtering.

The shortened links are also problematic because of their source. Their prevalence on social networking websites leads to them being considered a trusted source that potential victims wouldn't think twice about clicking on. Experts urge caution in clicking on shortened links that seem even a little suspicious.

PC World reports that some utilities are available to help make shortened links more transparent, enabling users to see the full-sized link contained within. These are available either as stand-alone applications like TweetDeck or browser plug-ins like ExpandMyURL and LongURLPlease.

Experts: Real-time search vulnerable to malware

The recent addition of real-time search results from blogs and social networking services has provided a fertile new target for cyber criminals, according to online security experts.

While standard search results are not uniformly spam- and virus-free, the instantaneous delivery speed of real-time results - most of which are currently delivered from Twitter, with Facebook to be added in the near future - makes filtering such search results difficult, writes USA Today.

That publication quoted sources at Google as saying that that company used "automatic and manual processes" to identify and block malicious website traffic and warn users against clicking on possibly malicious links, and said that Bing and Yahoo also "[took] great pains to deliver safe results."

Analysts say that any number of cyber security threats could use real-time search as a delivery vector, including banking Trojans and bogus anti-virus products. The incorporation of real-time results into standard search engine traffic could prove particularly fruitful for the infamous Koobface worm, which already uses the same social networks that power real-time search to spread itself by spamming malicious links.

Link sharing service bit.ly to gain additional virus protection

As more and more websites become compromised by sophisticated malware authors, link condenser bit.ly is taking steps to protect users from the threat of viruses and spam by entering into partnerships with several security firms.

IT news site The Register reports that bit.ly, which is used extensively on Twitter, Facebook, and other microblogging sites to create links short enough to be useful for character-limited posts, will use VeriSign's iDefense IP reputation service to cut off access to known malicious websites, including those that host exploit code and botnet activity.

Additionally, the Register report says that Websense will provide behavioral tools that can help detect spam advertising and phishing sites that could pose an identity theft risk to users of social media networks.

Security experts say that the threat posed by bit.ly and other link shortening services is that it is difficult to immediately tell where a link goes before clicking on it. A bit.ly link could lead to an interesting blog post or to a malware-infested rogue website with no visible difference between the two.

Anti-virus scareware moves to Twitter

Cyber criminals pushing the same scam that corrupted advertising on the New York Times website last week are using Twitter to lure new victims.

Internet security firm F-Secure labs blogged over the weekend that hackers were using dummy Twitter accounts to spread links to malware-infected websites. If the links are clicked, the websites then use intrusive pop-ups and bogus warnings that a user's computer is infested with malicious programs in an attempt to convince them to purchase fake anti-virus software.

Twitter uses CAPTCHA technology - distorted groups of letters and numbers that humans can recognize but text-recognition programs cannot - to foil automated attempts at account creation, but the scam artists have apparently figured out a way to work around this, either by enlisting the help of large groups of assistants or by exploiting some weakness in the CAPTCHA technology itself.

This and the New York Times malvertisers illustrate the changing face of the malware threat. F-Secure security advisor Sean Sullivan told Eweek that "The rogue pages are not very 'malicious' as far as attacking the computer's OS. These are using social engineering tactics and mimicking Windows."

Hackers use Twitter to control botnets

A web security researcher has discovered accounts on Twitter that act as command and control (C&C) centers for directing botnets - networks of malware-infected PCs that can be directed to send spam or launch denial of service attacks.

Researcher Jose Nazario of security firm Arbor Networks said he discovered Twitter accounts that use status messages (tweets) to send out links containing new commands or executables for the botnet to download and run. The botnet uses the RSS feed to get updates from Twitter, Nazario said in a blog post.

One such account, with the Twitter profile name upd4t3, has been used as part of an information-stealing scheme.

Nazario said the account is presently live but under review by Twitter and is "just one of what appear to be a handful of Twitter C&C accounts."

Hackers typically use rogue servers to operate their botnets, which can be rented out to other cybercriminals for activity ranging from sending spam to stealing bank account or other information from PCs.

Botnets can also be used to launch distributed denial-of-service attacks (DDoS), which can slow or stop websites from working by overwhelming a site with traffic.

Twitter itself was downed by DDoS attacks last week and again this week.

Koobface worm grows more sophisticated in web 2.0 attacks

Web security researchers are warning that the notorious Koobface worm that spreads on social networks like Facebook and Twitter has grown more sophisticated in order to evade detection and trick more savvy users into downloading malware.

The malware writers have relied on the proliferation of link sharing on social networks to spread the Koobface virus. Koobface sends out spam messages from hijacked user accounts containing malicious links to websites where users are prompted to download Trojan malware and phony antivirus software.

Kaspersky labs reported that the spam messages are now becoming more realistic, with different Koobface spam messages featuring random additions like "HA-HA-HA!" or "LOL," while the malicious URLs are better disguised through a different bit.ly shortened URL each time.

Although it was originally designed to propagate through Facebook and MySpace, Koobface now spreads through eight other social networking sites, including Twitter, thanks to a program that steals a user's cookies from the social websites he or she has visited, Trend Micro reported.

Koobface can also install other types of malware on an infected PC, which makes it valuable to other cybercriminals who appear to be renting out the Koobface botnet of infected machines to install malware for data theft, search hijacking and selling rogue antivirus software.

Koobface also has a way of tricking users into breaking CAPTCHA images for it in order to spam a user's contact list.

Georgian blogger ‘Cyxymu’ target of DDoS attacks

The distributed denial-of-service attacks (DDoS) targeting Twitter, Facebook and other websites on Thursday were directed by Russian hackers at a Georgian blogger with the nickname Cyxymu, according to reports.

The blogger had been posting accounts of events leading to the conflict between Russia and Georgia last August to his blog and linked through Twitter and other social networks, he told the New York Times.

Attackers also bombarded email inboxes with spam that appeared to come from the Gmail email address of the blogger, in order to intimidate him and show him that he was the target of the attacks, according to the Avert Labs blog of web security firm McAfee.

By Friday, Twitter was back online after suffering a second wave of attacks. Cyxymu posted a message on his Twitter page that said: "My twitter is online! Thank you all for support after ciber [sic] attack from Russia!"

PC World reported that Twitter continued to experience DDoS attacks on Friday and into Saturday, but the company set up defenses to block the excess traffic.

A DDoS attack uses networks of malware-infected PCs, called botnets, to overwhelm a website with traffic. Similar cyberattacks occurred in early June that knocked out government websites in the U.S. and South Korea.

Twitter goes down by DDoS cyberattack

Twitter users were unable to access the Twitter homepage on Thursday, which the company said was due to an ongoing distributed denial-of-service (DDoS) cyberattack.

TechCrunch reported that Twitter was inaccessible as of approximately 9 a.m. eastern time. By 11 a.m. eastern on Thursday, the company posted on the Twitter status blog: "We are defending against a denial-of-service attack and will update status again shortly."

Media outlets on Thursday also reported that popular social networks LiveJournal and Facebook were suffering outages.

A DDoS or DoS is a type of cyberattack used by hackers to overwhelm a website or server with traffic, slowing it down or forcing it offline. DDoS attacks often use botnets of compromised PCs to submit repeated requests to a targeted website.

Recently, DDoS attacks have been reported against the online media site Gawker, the file-sharing site The Pirate Bay and the message board 4chan.org.

A series of DDoS attacks beginning the weekend of July 4 hit government websites in the U.S. and South Korea.

More than 160,000 infected PCs were used in those attacks to disrupt service from sensitive sites including those of the White House, the Secret Service and the New York Stock Exchange.

Time for social networks to take security seriously

The blossoming of web 2.0 social networking sites like Twitter and Facebook is benefitting many businesses that have tapped into them for viral marketing, but web security threats from spam to malware and identity theft are putting these same firms at risk, reports web security firm Sophos.

In Sophos' latest internet security report, the firm states that web 2.0 companies "are concentrating on growing their userbase at the expense of properly defending their existing customers from internet threats."

"What's needed is a period of introspection," said Graham Cluley, senior technology consultant at Sophos. "The honeymoon period of these sites is over."

Last week, a hacker who gained access to a Twitter employee's personal email account was able to infiltrate the company's Google Apps account to steal confidential documents, which were then published by some websites.

Facebook is attempting to clamp down on spam, phishing and malware by requiring users who have been hacked to go through a verification process when they attempt to access their profile again.

Sophos said businesses are worried about employees putting their employers at risk by exposing too much information on social nets, which is how Twitter's vital information ended up splashed across the internet.

One-quarter of organizations have been exposed to malware from social nets, Sophos said.