Malicious use of Twitter

A worm appeared in April which used a cross-site scripting technique to infect Twitter users when they visited the profiles of other infected users.

It then infected the new user’s profile to continue propagating. New variants appeared, and finally the creator’s identity was revealed: one Mikey Mooney, who apparently wanted to attract users to a service competing with Twitter.

In early June, Twitter was the focus of other attacks, this time using different techniques, above all BlackHat SEO. Twitter has a feature called “Trending Topics”, which is a list of the most popular topics that appears in the interface of all Twitter users. When users select a topic through this feature, they will see all “tweets’ published related to this issue.

In this case, malicious users were writing tweets about the topics listed in Twitter Trends with links to malicious Web pages from which malware was downloaded.

The first attack focused on just one of the topics, but just a few days later the scope of the attack increased and all popular topics contained malicious links. When the actor David Carradine died, in just a few hours there were hundreds of malicious tweets, and the same occurred with other popular issues on Twitter.

The second anniversary of Collective Intelligence, a detailed analysis of the Waledac worm, trends regarding the sending of malware via spam and the evolution of BlackHat SEO techniques are just some of the other issues covered in the PandaLabs Quarterly Report.