“All clear” is the word coming out of Twitter as it completes the mop-up
work from an Easter weekend worm outbreak that infected tens of thousands of
user profiles.
According to published reports, Twitter was attacked at least four times in
the past week with a worm designed to infect profiles with an application that
tricked users into clicking on a link to a rival social network. Once the
target machines were infected, the worm would replicate and begin using the
infected profile’s list to broadcast to other users.
Michael Mooney, a 17-year-old student in Brooklyn,
told the Associated Press that he created the worm to promote his site,
StalkDaily. He reportedly said that he didn’t think the worm would cause any
damage or raise any issues.
Twitter and security experts say the worm was contained to the Twitter
network, but the damage could have been much worse.
Security researchers and vendors have issued a steady stream of reports
recently warning of the rising threat of malware and phishing attacks in social
networks such as Twitter and Facebook. In a report issued by security vendor
CommTouch this week, the threat of malicious links embedded in Twitter user
updates and microblogs is amplified by TinyURL, a service that condenses and
obscures original URLs. Twitter users often condense URLs to keep their updates
within the 140-character limit.
“If a URL is condensed using TinyURL on Twitter, there is no way to know
where it leads before it is clicked, except in the case of some Twitter add-ons
such as Power Twitter that ‘expand’ the URL. In an attempt to overcome this
issue, Twitter added an ‘expanded URL’ feature to its search page so savvy
users can see what URL they will be going to (even if they do not know if that
URL is safe or not), but this feature is still not available on individual
tweets from the regular Twitter site,” CommTouch said in its Q1 2009 Internet
Threats Trend Report.
Similar threats in Web 2.0 applications have plagued services and users for
years. Worms and phishing attacks
began targeting instant messaging services, such as AIM
and Yahoo Messenger, as early as 2002. What makes malware that targets social
network different is that it hides malicious code deep in the media-rich sites
and applications that make social networks popular.
Security vendors such as Websense, Trend Micro and Fortinet have begun
addressing the social networking and Web 2.0 security threats with new applications
designed to scan media-rich sites for malicious code without impeding user
access or site functionality.