Microblogging site Twitter has spawned multiple malware campaigns and continues to be a successful avenue of cyber attacks, says Kaspersky Lab.
Since its inception in July of 2006, Twitter has grown to become an essential part of many people's daily lives in just 140 characters, the security vendor points out.
Timothy Armstrong, security researcher at Kaspersky Lab, says: “Security on Twitter has had an eventful history, even considering its relatively young age. There have been all sorts of different types of attacks from trending topics to hacked admins, to account hijacks, just to name a few.”
According to the researcher, Twitter has experienced malware attacks like the vulnerability in SMS authentication allowed updating of someone else's status via a text message in April 2007. “Twitter introduced a PIN code option to resolve the vulnerability,” he says.
In August 2008, he says Twitter was attacked by cyber criminals who set up a specially crafted page with an ad for an erotic video. “Clicking the photo infected users with Trojan-downloader declaring to be a new version of Adobe Flash.”
The following year, Twitter was hit by multiple variants of an XSS (cross-site scripting) worm. Thousands of messages containing the name 'Mikey' (the nickname of the author) were generated as the worm propagated, he points out. The same year cyber criminals hijacked Twitter trending topics to serve malware.
A new Koobface modification enabled the infection to spread through Twitter users followed shortly. “Once an infected user attempts to log in to Twitter, Koobface hijacked the session and posted a tweet on behalf of the user in an attempt to infect their followers. In May 2010, a bug discovered allowed a malicious user to force others to follow them on Twitter.”
Armstrong says due to Twitter's popularity and its constant security lapses as outlined above, the Federal Trade Commission brought charges against Twitter in mid-2010.
“As a result, Twitter had to adopt a number of new security policies, and now includes such security options as default Secure Sockets Layer (SSL) connectivity and support for external Twitter clients.”
While measures have been put into place to minimise security threats on Twitter, this site will continue to grow and achieve another five years of online social networking success. “Considering this, it is therefore crucial for users to understand the types of malware activity that Twitter has experienced, as it remains a haven for active cyber criminals, for their own gain,” concludes Armstrong.
Share