Twitter Worm Stopped, Malware Threat PersistsBy Lawrence Walsh | Posted 2009-04-14 Email Print
Microblogging service Twitter is mopping up after a worm attack infected tens of thousands of its user profiles over the Easter holiday weekend. A 17-year-old New Yorker admitted to unleashing the worm designed to promote his rival social network, StalkDaily.
"All clear" is the word coming out of Twitter as it completes the mop-up work from an Easter weekend worm outbreak that infected tens of thousands of user profiles.
According to published reports, Twitter was attacked at least four times in the past week with a worm designed to infect profiles with an application that tricked users into clicking on a link to a rival social network. Once the target machines were infected, the worm would replicate and begin using the infected profile’s list to broadcast to other users.
Michael Mooney, a 17-year-old student in Brooklyn, told the Associated Press that he created the worm to promote his site, StalkDaily. He reportedly said that he didn’t think the worm would cause any damage or raise any issues.
Twitter and security experts say the worm was contained to the Twitter network, but the damage could have been much worse.
Security researchers and vendors have issued a steady stream of reports recently warning of the rising threat of malware and phishing attacks in social networks such as Twitter and Facebook. In a report issued by security vendor CommTouch this week, the threat of malicious links embedded in Twitter user updates and microblogs is amplified by TinyURL, a service that condenses and obscures original URLs. Twitter users often condense URLs to keep their updates within the 140-character limit.
"If a URL is condensed using TinyURL on Twitter, there is no way to know where it leads before it is clicked, except in the case of some Twitter add-ons such as Power Twitter that 'expand' the URL. In an attempt to overcome this issue, Twitter added an 'expanded URL' feature to its search page so savvy users can see what URL they will be going to (even if they do not know if that URL is safe or not), but this feature is still not available on individual tweets from the regular Twitter site," CommTouch said in its Q1 2009 Internet Threats Trend Report.
Similar threats in Web 2.0 applications have plagued services and users for years. Worms and phishing attacks began targeting instant messaging services, such as AIM and Yahoo Messenger, as early as 2002. What makes malware that targets social network different is that it hides malicious code deep in the media-rich sites and applications that make social networks popular.
Security vendors such as Websense, Trend Micro and Fortinet have begun addressing the social networking and Web 2.0 security threats with new applications designed to scan media-rich sites for malicious code without impeding user access or site functionality.