If it looks like it, smells like it and tastes like it, make sure you don’t tread in it
I had a Direct Message tweet from a friend and work colleague. It didn’t ring true – see for yourself:
If anyone offers you a free iPhone, RUN!
But curiosity is a wonderful, if dangerous, thing. I had a look. First warning came from Bit.Ly. Multiple shortenings are things bad guys sometimes do to fool us:
But I persisted. I went there anyway (protected by NoScript) and asked both Web of Trust (WOT) and McAfee TrustedSource for their opinion. WOT was not very reassuring:
And McAfee was positively damning:
…specifically associating the website with phishing attempts. I’m sure glad I didn’t tread in it!
But what it does mean is that my friend and colleague has been hacked. And when I think about it, I know very little about Twitter hacks. So I asked Kaspersky’s Ram Herkanaidu to explain things to me.
“This type of attack is nothing new,” he said. “The criminals know the potential of Twitter as an infection vector, and social networks in general are an increasingly effective way for cybercriminals to deliver malware. In this instance, the account used for spamming would have had its password stolen, and the victim will not know anything about it until the criminals start using it.”
OK; but how do the criminals go about stealing Twitter credentials?
“This is typically done using malware; many spy or password stealing Trojans can get this information,” he explained. “There are also numerous offers on the black market for stolen Twitter accounts. Another way is to use Twitter’s trending topics. They monitor the latest buzz words and use that to get people to click on the links. These lead to sites which host malware. A typical way is to tell the user that they do not have the right codec (converter) to play a video. By clicking ‘Yes’ to install the codec it actually downloads the malware.”
In other words, apart from standard spyware, a common way to steal Twitter credentials is to use Twitter! So how do we defend ourselves? I asked Ram Herkanaidu for his top tips; and he said:
- Don’t respond to trending topics especially if it has a short URL.
- Use a preview extension to see what the real URL is.
- Pay special attention to any tweets coming with 2 or more trending topics in the body, since these are highly likely to be malicious.
- Use a good Internet security suite.
- Use ‘https’, i.e. an encrypted connection, to log in to Twitter.
- Try to avoid logging in from open (not encrypted) WiFi networks.
- Don’t log in from a public PC available at airports, Internet cafés and elsewhere.
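The short-URL and trending-topic tips above, together with the chained-shortening warning sign, can be combined into a simple message triage check. This is an added example, not code from the original post; the shortener list, the sample message, the redirect map and the function names are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed sample of shortener hosts (not from the article); extend as needed.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly", "is.gd"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def host(url):
    return (urlsplit(url).hostname or "").lower()

def expand(url, next_hop, max_hops=5):
    """Follow redirects one hop at a time without rendering any page.
    next_hop(url) returns the redirect target, or None at the end."""
    chain = [url]
    while len(chain) <= max_hops:
        target = next_hop(chain[-1])
        if not target or target in chain:  # end of chain, or a loop
            break
        chain.append(target)
    return chain

def triage(text, trending, next_hop):
    """Flag a message using the tips: short URLs, trending topics, chains."""
    lowered = text.lower()
    topics = [t for t in trending if t.lower() in lowered]
    reasons, final_urls = [], []
    for url in URL_RE.findall(text):
        chain = expand(url.rstrip(".,)"), next_hop)
        short_hops = sum(host(u) in SHORTENERS for u in chain)
        final_urls.append(chain[-1])  # the "preview": where it really goes
        if short_hops >= 2:
            reasons.append("chained shorteners")
        if short_hops and topics:
            reasons.append("trending topic with short URL")
    if len(topics) >= 2:
        reasons.append("two or more trending topics")
    return {"final_urls": final_urls, "reasons": sorted(set(reasons))}

# Constructed sample data. The dict stands in for a HEAD request with
# automatic redirects disabled that returns the Location header.
REDIRECTS = {
    "http://bit.ly/aaa111": "http://tinyurl.com/bbb222",
    "http://tinyurl.com/bbb222": "http://free-phone.example/login",
}
TRENDING = ["#iPhone", "#WorldCup"]
DM = "Free #iPhone for #WorldCup fans http://bit.ly/aaa111"
REPORT = triage(DM, TRENDING, REDIRECTS.get)
```

An empty `reasons` list only means none of these heuristics fired; the final URL should still be checked against a reputation service before visiting.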