Twitter hit by fake AV worm

By

Sends users to fake anti-virus download site.

Twitter was hit by a bug yesterday that sent malicious links without user permission.


Tweets contained no message other than a goo.gl shortened link (Google's equivalent to bit.ly or tinyurl) that pointed to a URL that ended with ‘m28sx.html'. Graham Cluley, senior technology consultant at Sophos, said that if you clicked on one of the links you were ultimately taken to a website that asked you to download a fake anti-virus. Sophos has detected the malware as Troj/FakeAV-CMG.

Del Harvey of Twitter's security team initially said that ‘"all signs point to the compromise being due to weak passwords" and encouraged users not to install ‘Security Shield' rogue anti-virus. She later confirmed the problem and said that the website is removing the dangerous links and resetting the passwords of compromised accounts.

Mikko Hypponen, CSO of F-Secure, commented on his Twitter feed that he was "seeing weird links being posted...could be some sort of a worm" and said to watch out for messages that only have one goo.gl link and nothing else. He later confirmed that this was a new Twitter worm that was spreading. He said: “Shows up as messages from your friends that only contain one goo.gl link and nothing else.”

He later said that the ‘m28sx' Twitter worm attack was over, as an IP address in the UK [91.200.240.228] needed by the worm was down. He said that it was "effective while it lasted".

“Interestingly, all of the offending Twitter messages examined by Sophos so far claim to have been posted by ‘Mobile Web' (Twitter's ‘lite' interface for generic mobile phone users) rather than users' normal clients such as Tweetdeck or Twitter for iPhone,” Cluley said.

“What is not yet clear is how the Twitter users found their accounts compromised in this way. The natural suspicion would be that their usernames and passwords have been stolen. It certainly would be a sensible precaution for users who have found their Twitter accounts unexpectedly posting goo.gl links to change their passwords immediately.”

This article originally appeared at scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
byhitsecuritytwitterworm

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?