Twitter Worm Stopped, Malware Threat Persists

By Lawrence Walsh  |  Print this article Print


Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame

Microblogging service Twitter is mopping up after a worm attack infected tens of thousands of its user profiles over the Easter holiday weekend. A 17-year-old New Yorker admitted to unleashing the worm designed to promote his rival social network, StalkDaily.

"All clear" is the word coming out of Twitter as it completes the mop-up work from an Easter weekend worm outbreak that infected tens of thousands of user profiles.

According to published reports, Twitter was attacked at least four times in the past week with a worm designed to infect profiles with an application that tricked users into clicking on a link to a rival social network. Once the target machines were infected, the worm would replicate and begin using the infected profile’s list to broadcast to other users.

Michael Mooney, a 17-year-old student in Brooklyn, told the Associated Press that he created the worm to promote his site, StalkDaily. He reportedly said that he didn’t think the worm would cause any damage or raise any issues.

Twitter and security experts say the worm was contained to the Twitter network, but the damage could have been much worse.

Security researchers and vendors have issued a steady stream of reports recently warning of the rising threat of malware and phishing attacks in social networks such as Twitter and Facebook. In a report issued by security vendor CommTouch this week, the threat of malicious links embedded in Twitter user updates and microblogs is amplified by TinyURL, a service that condenses and obscures original URLs. Twitter users often condense URLs to keep their updates within the 140-character limit.

"If a URL is condensed using TinyURL on Twitter, there is no way to know where it leads before it is clicked, except in the case of some Twitter add-ons such as Power Twitter that 'expand' the URL. In an attempt to overcome this issue, Twitter added an 'expanded URL' feature to its search page so savvy users can see what URL they will be going to (even if they do not know if that URL is safe or not), but this feature is still not available on individual tweets from the regular Twitter site," CommTouch said in its Q1 2009 Internet Threats Trend Report.

Similar threats in Web 2.0 applications have plagued services and users for years. Worms and phishing attacks began targeting instant messaging services, such as AIM and Yahoo Messenger, as early as 2002. What makes malware that targets social network different is that it hides malicious code deep in the media-rich sites and applications that make social networks popular.

Security vendors such as Websense, Trend Micro and Fortinet have begun addressing the social networking and Web 2.0 security threats with new applications designed to scan media-rich sites for malicious code without impeding user access or site functionality.


Lawrence Walsh Lawrence Walsh is editor of Baseline magazine, overseeing print and online editorial content and the strategic direction of the publication. He is also a regular columnist for Ziff Davis Enterprise's Channel Insider. Mr. Walsh is well versed in IT technology and issues, and he is an expert in IT security technologies and policies, managed services, business intelligence software and IT reseller channels. An award-winning journalist, Mr. Walsh has served as editor of CMP Technology's VARBusiness and GovernmentVAR magazines, and TechTarget's Information Security magazine. He has written hundreds of articles, analyses and commentaries on the development of reseller businesses, the IT marketplace and managed services, as well as information security policy, strategy and technology. Prior to his magazine career, Mr. Walsh was a newspaper editor and reporter, having held editorial positions at the Boston Globe, MetroWest Daily News, Brockton Enterprise and Community Newspaper Company.

Submit a Comment

Loading Comments...