
Twitter spreads malware just as fast as it spreads news

September 21, 2010

I was busy yesterday. Good job really – it meant that I didn’t even look at Twitter all day. In fact, the first I even knew of a problem was when Websense told me:

As of 3pm UK time Twitter Safety is reporting that the XSS flaw is no longer exploitable.

I guess I was the only person in the country who knew nothing about the problem: twitter.com’s tweet renderer was putting URLs from tweets into the page without escaping them, so a URL containing a double quote followed by onmouseover= closed the link’s href attribute and the rest became an extra attribute on the rendered link. Anyone who simply moved the mouse over such a tweet ran the attacker’s JavaScript, with no click required, and some variants used that to post the same tweet from the victim’s own logged-in session, which is what turned a proof of concept into a worm.
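To make the mechanism concrete, here is an added example (my own code, not Twitter’s, which the page does not show): a toy tweet “linkifier” with the same shape of bug, a URL pasted raw into an href attribute, beside a hardened version that escapes every value it puts into HTML. The payload is constructed for the example and is not one of the real tweets; the real renderer and the real tweets are assumptions not taken from the page.

```javascript
// Added example, not Twitter's code: a toy tweet renderer with the kind of
// attribute-injection bug described above, next to a hardened version.
// Assumption (not from the page): the bug is modelled as a matched URL being
// concatenated straight into href="..."; Twitter's real renderer is not shown.

const URL_RE = /https?:\/\/\S+/g;

// Vulnerable: the matched URL goes into the attribute unescaped. A double
// quote inside the URL ends the href value, and browsers' error-tolerant
// HTML parsing turns whatever follows into further attributes of the <a>.
function linkifyVulnerable(text) {
  return text.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened: escape every value that lands in HTML, for both text and
// attribute context, so a quote in the URL can never end the attribute.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function linkifySafe(text) {
  let out = "";
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const url = m[0];
    // Only link what the WHATWG URL parser accepts as http(s); anything else
    // stays plain (escaped) text. Parsing alone is not a defence: the parser
    // accepts a quote in the path, so the escaping is what stops the breakout.
    let ok = false;
    try {
      const u = new URL(url);
      ok = u.protocol === "http:" || u.protocol === "https:";
    } catch (e) {
      ok = false;
    }
    out += ok
      ? `<a href="${escapeHtml(url)}">${escapeHtml(url)}</a>`
      : escapeHtml(url);
    last = m.index + url.length;
  }
  out += escapeHtml(text.slice(last));
  return out;
}

// Count raw double quotes in rendered output. A single safe link has exactly
// two (the pair around href); any more means an attribute boundary was crossed.
function rawQuoteCount(html) {
  return (html.match(/"/g) || []).length;
}

// Constructed payload in the shape the post describes: a URL that closes href
// with a quote and supplies an onmouseover handler. Made up for this example.
const PAYLOAD = 'look http://example.invalid/@"onmouseover="alert(1)"/';

if (typeof require !== "undefined" && require.main === module) {
  console.log("vulnerable:", linkifyVulnerable(PAYLOAD));
  console.log("hardened:  ", linkifySafe(PAYLOAD));
}
```

Run it with node and compare the two lines: the vulnerable output carries `"onmouseover="alert(1)"` as a live attribute on the link, while the hardened output has the quotes as `&quot;`, which the browser shows as text and never treats as markup. The URL-scheme check is there because escaping on its own still lets a `javascript:` link through if the matcher were ever widened.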

This morning we saw proofs of concept of the Twitter command being posted by Twitter users and then began to see end users tweeting the code virally. There is the potential for malware authors to spread malicious tweets using the flaw to direct users to other Web sites.

As of writing, hundreds of new tweets per second are being published on twitter.com using the OnMouseOver flaw. Twitter users whose accounts have been affected by the flaw include journalists and high-profile celebrities.
Websense blog

One of these high-profile celebrities was, according to Graham Cluley, Sarah Brown.

Thousands of Twitter accounts have posted messages exploiting the flaw. Victims include Sarah Brown, wife of the former British Prime Minister.

It appears that in Sarah Brown’s case her Twitter page has been messed with in an attempt to redirect visitors to a hardcore porn site based in Japan. That’s obviously bad news for her followers – over one million of them.
Graham Cluley’s blog

image half-inched from Graham Cluley's blog...

Just for the record, this is NOT Sarah Brown's other website!

It is the speed with which threats can spread through services like Twitter that is worrying.

While most examples of the ‘onmouseover’ security flaw seem to be people playing around with code without specific malicious aim [the early position]… …there’s a possibility that bad actors may use this to direct end-users to malware and phish pages [which of course happened very quickly]. I’d like to think Twitter will have this under control before that happens [not really; but nearly]. However, we are surprised that Twitter has not suspended the main twitter.com web site while it works on a fix.
Christopher Boyd, senior threat researcher at GFI Software

The fact is, Twitter did not immediately suspend the site. And it is this ‘unreliability’ of other people that leads Lumension to say we need a fundamental rethink.

We simply can’t just rely on spotting malicious activity and then reactively try to stop it from affecting us – we need to take proactive steps to ensure that regardless of what is happening on the web, corporate environments are trusted and safe.

To steer clear of infections introduced by these types of unpredictable web events, businesses need to move from a threat-centric model that focuses on trying to prevent the bad; to a trust-centric model that only allows what is known to be good to run on the machine.
Don Leatham, senior director of solutions & strategy, Lumension

Comment from Charles, September 22, 2010 at 12:04 pm

Actually, it didn’t spread that fast when you compare it to the I Love You worm, an email worm that disabled 10% of mail servers. This hit 1% of the Twitter population from very much the same starting point (Far East).

My reasoning why it didn’t spread worse – http://www.guardian.co.uk/technology/blog/2010/sep/22/twitter-hack-what-stopped-worm
