Month of Twitter Bugs
- Koobface virus infection: This malware sent fake ‘tweets’ when users logged in. According to Sunbelt Software's research office manager Tom Kelchner, Koobface sends a ‘tweet’ with a link to a home video or a site that infects users when they run the video. In addition, Koobface sends similar ‘tweets’ to friends of the users to infect them. (http://www.scmagazineus.com/Koobface-hits-Twitter/article/140029/)
- Mikeyy or StalkDaily worm: Bogus/rogue anti-virus product links were sent to users, telling them that they had malware on their PC and that they would have to buy the product to remove it. A Google search for ‘Twitter worm’ conducted by F-Secure gave a malicious link in the top ten results. Clicking on it redirects to ‘videxxxxxs.cn’, which immediately redirects to ‘loyxxxxxxno.com’, which tricks users into downloading a fake video codec from ‘cxxxxxxxxaz.com’. According to Patrik Runald, chief security advisor at F-Secure, the fake codec is malware: a Trojan downloader that downloads additional malware, including a rogue security product called WinPC Defender, which shows fake malware detections. (http://www.securecomputing.net.au/News/142548,cybercriminals-begin-to-use-twitter-mikeyy-worm-to-spread-fake-antivirus.aspx)
- Rogue security software: Users received tweets with a link to ‘juste.ru’ to watch a YouTube “Best Video.” In reality, a fraudulent PDF delivered through an IFRAME was running in the background, containing exploits to infect unpatched versions of Adobe Reader. The website then displayed a message that the system was infected and offered a security software download.
- Attachments: Users received tweets with the message ‘your friend has invited you to Twitter’ and were asked to open an attachment, ‘InvitationCard.zip’. Opening the attached file infected users with a malicious worm that sends out mass e-mail messages.
- Phishing scam: Users received fake Twitter email messages like, "hey! check out this funny blog about you...". Clicking on the provided link redirected to a spoofed site resembling Twitter’s. Here the users were asked to log in with their Twitter password. This information was used to send out direct messages on the users’ behalf to their followers. (http://www.technewsworld.com/story/exploits-vulnerabilities/65727.html?wlc=1247691951).
- Hijacked accounts: A hacker was able to figure out the email and password of a Twitter user who was also an employee of the company, and gained access to a number of confidential internal documents. This incident did not impact any other Twitter member accounts. (http://www.scmagazineus.com/Intellectual-property-belonging-to-Twitter-exposed-in-hack/article/140157/)
How to Safeguard Yourself from Vulnerabilities/Attacks
- Do not click on URLs within tweets, especially those advertising a video.
- Do not open invitation attachments or any other unsolicited or suspicious email attachments.
- Look closely at the URL field before signing in to your account to ensure that it is the authentic Twitter Web site. Do not sign in if the URL is not www.twitter.com, even if the page looks exactly like Twitter’s.
- If you think your account is compromised or you provided your password on the spoofed Web site, change your password.
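The URL check from the list above can be automated. The following is an added example, not part of the original article: it accepts a link only when the parsed host is exactly www.twitter.com and reports why look-alike links fail. The function name `check_login_url`, the verdict strings, the http/https restriction and the `.example` hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only legitimate sign-in host is the one the article names.
TRUSTED_HOSTS = {"www.twitter.com"}


def check_login_url(url):
    """Return a short verdict string; only "ok" means the host is trusted."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return "unparseable"
    if parts.scheme not in ("http", "https"):
        return "bad-scheme"        # also catches links with no scheme at all
    if parts.username is not None or parts.password is not None:
        return "userinfo"          # text before '@' is not the host
    host = (parts.hostname or "").rstrip(".")
    if not host.isascii():
        return "non-ascii-host"    # look-alike letters from another script
    if host not in TRUSTED_HOSTS:
        return "host-mismatch"     # trusted name as a subdomain or path does not count
    return "ok"


# Constructed sample links; the .example hosts are placeholders.
SAMPLES = [
    "http://www.twitter.com/login",
    "HTTP://WWW.TWITTER.COM/login",
    "http://www.twitter.com.login.example/",   # trusted name used as a subdomain
    "http://www.twitter.com@login.example/",   # trusted name placed before '@'
    "http://login.example/www.twitter.com/",   # trusted name placed in the path
    "http://www.tw\u0456tter.com/login",       # Cyrillic letter in place of 'i'
    "www.twitter.com/login",                   # no scheme, so no host is parsed
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{check_login_url(link):15} {link!r}")
```

A substring test such as `"www.twitter.com" in url` would accept all but one of the look-alike samples, which is why the comparison is made on the parsed host only.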
The Multi-State Information Sharing and Analysis Center (MS-ISAC) recommends taking the following actions to avoid becoming a victim of malware intrusion through social networking sites:
- Organizations should determine if social networking sites are appropriate within their environment. If yes, the organization should develop a policy on the appropriate use of social networking sites.
- Train users on the appropriate usage of social networking sites, including enabling the privacy features and disabling "Auto-Feeds" that are not approved by your organization.
- Do not visit untrusted websites or follow links provided by unknown or untrusted sources.
- Inform and educate users regarding the threats posed by hypertext links, especially from untrusted sources.
- If you believe you have been affected by targeted attacks exploiting this vulnerability, please follow your organization's policies for incident reporting.
- Ensure that all anti-virus software is up-to-date with the latest signatures.
- Ensure that the most recent vendor patches are applied on all desktops, laptops, mobile devices and servers as soon as possible.
- Deploy network intrusion detection systems to monitor network traffic for malicious activity.