Add to del.icio.us     Digg this

August 5, 2008

In the latest twist on how popular social networking sites can present potential security problems to users, micro-blogging service Twitter has recently fallen prey to trojans and malware.

Twitter users were being offered up links to booby-trapped sites from a compromised profile. The approach is being used to spread malware in the form of links to a supposed skin flick featuring Brazilian pop star Kelly Key.

Prospective visitors are told they need to download a new version of Adobe Flash to get the 'content'.

Internet security company Kaspersky Labs says the fake and compromized Adobe Flash download actually contains the malware payload, a download application that attempts to inject no less than 10 banking Trojans into the infected computer. These malicious files are then disguised as MP3s.

Kaspersky researcher Dmitry Bestuzhev wrote "the footprints of this particular crime are pure Brazilian, ranging from the Portuguese, to the web servers hosting the banking malware to the email embedded in the malware which is used for receiving data from infected machines."

Recently, fake Flash downloads have become a popular V-Xer tactic. Unknown attackers have simply transferred the method to Twitter instead of targeting instant messaging or email users directly- a very nasty and unpredictable feat in and by itself.

What's more, Twitter has now become the focus of many security concerns. On July 31, security researcher Aviv Raff warned of an unpatched auto follow-me vulnerability on the service. The cross-site request forgery flaw makes it possible for a potential attacker to gain scores of followers simply by tricking 'punters' into visiting a compromized Web site, security commentator Ryan Naraine notes.

"Overall, this hacker method doesn't require any serious programming skills at all. You just buy or 'cook up' a few Trojan horses, upload them onto a server and create a chain of Twitter profiles following each other. It's just as simple and uncomplicated as that," added Raff.

Internet Explorer users are still very much at risk, despite a partial security fix from Twitter's "security team".

Raff, who has set up a site called www.twitpwn.com to "honor" the security vulnerability, is withholding details of the security hole pending a complete fix to the problem.

However, the Brazilian Trojan downloader attack reportedly doesn't use this technique at all, which is just as well for Twitter users, one could argue...

Nevertheless, Google does index unprotected Twitter profiles, so hacker-created sites or profiles promoted using malware tactics abd trojans are liable to appear very high in the search results pages.

Add to del.icio.us     Digg this

Source: Kaspersky Labs.

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.