A dangerous mix: Twitter auto feeds combined with 140,000 followers
It's a dangerous combination: 140,000 followers and a Twitter account that generates its Tweets from other pages via auto feeds. Unknown attackers have exploited the Twitter account of venture capitalist and former Apple evangelist Guy Kawasaki to spread links to malware. The link in a Tweet allegedly lead to sex videos involving American actress and singer-songwriter Leighton Meester: "Leighton Meester sex tape video free download!"
The dubious Tweet originated from an unmoderated automatic feed from the NowPublic page, which collates news from community posts. Cyber criminals have also tried to use forged Twitter invitations to spread their malware via email attachments.
Mac OS X users visiting the page were informed that they needed to first download and install a codec in order to play the video. The so called codec was in fact the OSX/Jahlav-C Mac trojan. Anti-virus vendor Sophos had only recently warned about an increase in malware for Apple's operating system. Windows users were also slipped a Windows trojan on the page. In the event of a successful infection, the trojans compromised the operating system's DNS entries, directing users to phishing pages even when they manually entered a URL in their browsers, rather than clicked on a link. It's still unknown how many users fell victim to the attack.
Since Twitter's growing popularity will likely tempt more and more criminals to try to exploit the service, users should exercise caution with Tweet contents and other Twitter-related services. Security specialist Aviv Raff has announced that July will be the "Month of Twitter Bugs" (MoTB), during which he intends to release one hole or vulnerability in connection with the Twitter API every day.
The shortened URLs particularly make easy work for the criminals. They hide the real targets, making it nearly impossible for users to only follow links to known or trusted web pages. Those who don't want to rely on short URLs can use a URL expander. The "Lost+Found" feature at The H Security recently presented a Firefox add-on which offers a preview of the link target for several services. The H Security "Lost+Found" posts provide a round up of useful security information that are too short for news, but too good to lose.