Twitter hit by fake AV worm

Powered by SC Magazine
 

Sends users to fake anti-virus download site.

Twitter was hit by a bug yesterday that sent malicious links without user permission.

Tweets contained no message other than a goo.gl shortened link (Google's equivalent to bit.ly or tinyurl) that pointed to a URL that ended with ‘m28sx.html’. Graham Cluley, senior technology consultant at Sophos, said that if you clicked on one of the links you were ultimately taken to a website that asked you to download a fake anti-virus. Sophos has detected the malware as Troj/FakeAV-CMG.

Del Harvey of Twitter's security team initially said that "all signs point to the compromise being due to weak passwords" and encouraged users not to install the ‘Security Shield’ rogue anti-virus. She later confirmed the problem and said that the website is removing the dangerous links and resetting the passwords of compromised accounts.

Mikko Hypponen, CSO of F-Secure, commented on his Twitter feed that he was "seeing weird links being posted...could be some sort of a worm" and said to watch out for messages that only have one goo.gl link and nothing else. He later confirmed that this was a new Twitter worm that was spreading. He said: “Shows up as messages from your friends that only contain one goo.gl link and nothing else.”

He later said that the ‘m28sx’ Twitter worm attack was over, as an IP address in the UK [91.200.240.228] needed by the worm was down. He said that it was "effective while it lasted".

“Interestingly, all of the offending Twitter messages examined by Sophos so far claim to have been posted by ‘Mobile Web’ (Twitter's ‘lite’ interface for generic mobile phone users) rather than users' normal clients such as Tweetdeck or Twitter for iPhone,” Cluley said.

“What is not yet clear is how the Twitter users found their accounts compromised in this way. The natural suspicion would be that their usernames and passwords have been stolen. It certainly would be a sensible precaution for users who have found their Twitter accounts unexpectedly posting goo.gl links to change their passwords immediately.”
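The indicators reported above (a message body that is nothing but one goo.gl link, a ‘Mobile Web’ client the account does not normally use, and a landing URL ending in ‘m28sx.html’) can be combined into a simple triage pass. This is an added example, not code from Sophos, F-Secure or Twitter; the record fields (`user`, `text`, `source`, `resolved`) and every sample message are constructed, and `resolved` is assumed to be filled in by a separate link expander.

```python
import re
from collections import Counter, defaultdict

# Body must be exactly one goo.gl short link with no other text.
LINK_ONLY = re.compile(r"^\s*https?://goo\.gl/\w+\s*$")
WORM_CLIENT = "Mobile Web"   # client named in the Sophos quote
WORM_SUFFIX = "m28sx.html"   # landing-URL ending reported in the article

def score(msg, seen_clients):
    """Return the list of indicators a message matches (empty = not flagged)."""
    if not LINK_ONLY.match(msg["text"]):
        return []
    reasons = ["link-only goo.gl message"]
    usual = seen_clients.most_common(1)
    # Only meaningful when the account has history with a different client.
    if msg["source"] == WORM_CLIENT and usual and usual[0][0] != WORM_CLIENT:
        reasons.append("posted via Mobile Web, account normally uses " + usual[0][0])
    if msg.get("resolved", "").endswith(WORM_SUFFIX):
        reasons.append("expands to a URL ending in m28sx.html")
    return reasons

def triage(messages):
    """Walk messages in time order; map index -> reasons for flagged ones."""
    clients = defaultdict(Counter)
    flagged = {}
    for i, msg in enumerate(messages):
        reasons = score(msg, clients[msg["user"]])
        if reasons:
            flagged[i] = reasons
        else:
            # Only unflagged posts count toward the account's usual client.
            clients[msg["user"]][msg["source"]] += 1
    return flagged

# Constructed sample feed (not real tweets or real short links).
SAMPLE = [
    {"user": "alice", "text": "Lunch at the new place was great", "source": "Tweetdeck"},
    {"user": "alice", "text": "Reading http://goo.gl/abc12 on the train", "source": "Tweetdeck"},
    {"user": "alice", "text": "http://goo.gl/zz9Xq", "source": "Mobile Web",
     "resolved": "http://landing.example.invalid/m28sx.html"},
    {"user": "bob", "text": "http://goo.gl/Qw3rT", "source": "Mobile Web"},
    {"user": "carol", "text": "Slides from my talk: http://goo.gl/k4LmN",
     "source": "Twitter for iPhone"},
]

if __name__ == "__main__":
    for idx, why in triage(SAMPLE).items():
        print(SAMPLE[idx]["user"], len(why), "; ".join(why))
```

A link-only post on its own is weak evidence (the constructed `bob` record matches one indicator), so the number of matched indicators is what separates likely compromises from ordinary link sharing.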

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, US edition

