If it looks like it, smells like it and tastes like it, make sure you don’t tread in it

January 25, 2011

I had a Direct Message tweet from a friend and work colleague. It didn’t ring true – see for yourself:

suspect DM

If you get offered a free iPhone – run!

If anyone offers you a free iPhone, RUN!

But curiosity is a wonderful, if dangerous, thing. I had a look. The first warning came from Bit.Ly. Shortening a URL more than once is something bad guys sometimes do to fool us:

Bit.Ly filters URLs that have been shortened more than once

But I persisted. I went there anyway (protected by NoScript) and asked both Web of Trust (WOT) and McAfee TrustedSource for their opinion. WOT was not very reassuring:

WOT score

Hmm. No, don't think I should go there...

And McAfee was positively damning:

mcafee warning

Further down the page, McAfee specifically warns of phishing activity

…specifically associating the website with phishing attempts. I’m sure glad I didn’t tread in it!

But what it does mean is that my friend and colleague has been hacked. And when I think about it, I know very little about Twitter hacks. So I asked Kaspersky’s Ram Herkanaidu to explain things to me.

Ram Herkanaidu, security researcher at Kaspersky Lab

“This type of attack is nothing new,” he said. “The criminals know the potential of Twitter as an infection vector, and social networks in general are an increasingly effective way for cybercriminals to deliver malware. In this instance, the account used for spamming would have had its password stolen, and the victim will not know anything about it until the criminals start using it.”

OK; but how do the criminals go about stealing Twitter credentials?

“This is typically done using malware; many spy or password stealing Trojans can get this information,” he explained. “There are also numerous offers on the black market for stolen Twitter accounts. Another way is to use Twitter’s trending topics. They monitor the latest buzz words and use that to get people to click on the links. These lead to sites which host malware. A typical way is to tell the user that they do not have the right codec (converter) to play a video. By clicking ‘Yes’ to install the codec it actually downloads the malware.”

In other words, apart from standard spyware, a common way to steal Twitter credentials is to use Twitter! So how do we defend ourselves? I asked Ram Herkanaidu for his top tips; and he said:

  • Don’t respond to trending topics, especially if they have a short URL.
  • Use a preview extension to see what the real URL is.
  • Pay special attention to any tweets coming with 2 or more trending topics in the body, since these are highly likely to be malicious.
  • Use a good Internet security suite.
  • Use ‘https’, i.e. an encrypted connection, to log in to Twitter.
  • Try to avoid logging in from open (not encrypted) WiFi networks.
  • Don’t log in from a public PC available at airports, Internet cafés and elsewhere.
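
The Bit.Ly warning about repeated shortening and the "see what the real URL is" tip can both be checked without opening the link in a browser. The Python sketch below is an added example, not part of the original post or of Ram Herkanaidu's advice; the shortener list, the function names `head_location` and `expand`, and the sample redirect map are assumptions constructed for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Assumed, illustrative list of shortener hosts; extend for your environment.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly", "is.gd"}
MAX_HOPS = 10

class _NoFollow(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx as an HTTPError instead of following it

def head_location(url):
    """Send one HEAD request; return the redirect target, or None if there is none."""
    if urlsplit(url).scheme not in ("http", "https"):
        return None  # never follow file:, ftp: or other schemes
    opener = urllib.request.build_opener(_NoFollow)
    req = urllib.request.Request(url, method="HEAD")
    try:
        opener.open(req, timeout=5).close()
    except urllib.error.HTTPError as err:
        if 300 <= err.code < 400 and err.headers.get("Location"):
            return urljoin(url, err.headers["Location"])
    return None

def expand(url, fetch=head_location):
    """Walk the redirect chain hop by hop; no page body is fetched or rendered."""
    chain = [url]
    while len(chain) <= MAX_HOPS:
        nxt = fetch(chain[-1])
        if nxt is None or nxt in chain:  # final page reached, or a redirect loop
            break
        chain.append(nxt)
    hosts = [(urlsplit(u).hostname or "").lower() for u in chain]
    hops = sum(h in SHORTENERS for h in hosts)
    # More than one shortener in the chain is the pattern Bit.Ly warned about.
    return {"chain": chain, "final_host": hosts[-1],
            "shortener_hops": hops, "suspicious": hops > 1}

# Constructed redirect map standing in for the network (not real links).
SAMPLE = {
    "http://bit.ly/aaa111": "http://tinyurl.com/bbb222",
    "http://tinyurl.com/bbb222": "http://free-iphone.example/claim",
}

if __name__ == "__main__":
    print(expand("http://bit.ly/aaa111", fetch=SAMPLE.get))
```

The `final_host` value is what you would then look up in a reputation service before deciding whether to visit.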

