Malware targets Twitter

Johannesburg, 23 Apr 2009

Kaspersky Lab has revealed that micro-blogging and social networking site Twitter has been infected with malware.

The security giant says the worm finds vulnerabilities in Twitter which it uses to hack into and modify users' accounts. Accounts were infected when users visited a modified page on Twitter or when they followed links to a promoted Web site in messages they believed to be genuine Tweets from their friends.

Kaspersky adds that different versions of the worm circulated on Twitter, causing several waves of infections. According to the administrators of Twitter, all the holes on the site have now been closed. Twitter says there is nothing to suggest that user credentials were stolen or passwords, phone numbers, and other sensitive information were compromised as result of the attack.

According to Kaspersky, a 17-year-old New York resident, Michael Mooney, admitted to creating the worm out of boredom. He said he wanted to show Web developers the vulnerabilities of the product and promote his own site via fake Twitter messages.

Roel Schouwenberg, Kaspersky Lab senior anti-virus researcher, notes that the new worm does not have sophisticated functionality and is not a real threat because it does not steal personal data. The problem, he says, is the possibility of launching malicious scenarios using widespread and familiar interactive elements such as buttons and links.

“Also in response to the new XSS-Worms some Web services have been created to supposedly protect the user. But again, these services ask users to just click on a link, while asking their friends to do the same. In other words, they behave in a similar way to malicious programs.”

The Kaspersky Lab analyst stresses that the Twitter incident is further proof of the growing threat emanating from social networking sites. Kaspersky Lab's malware evolution report for 2008 states the success rate of malicious code distribution via social networking sites is about 10%, which is considerably more effective than distributing code via e-mail (less than 1%).

Kaspersky believes this is because users of such sites are more trusting and because these services fail to provide sufficient protection.