News: Twitter and cybercrime - a five year overview

Popular social networking site Twitter recently celebrated its 5th birthday, and since its inception in July 2006, the micro-blogging site has grown to become an essential part of many people’s daily lives.

Unfortunately Twitter has spawned multiple malware campaigns and continues to be a successful avenue of cybercrime attacks, which users need to be aware of.

The list below provides an outline of a few of the malware attacks Twitter has experienced during its lifecycle:

April 2007 – A vulnerability in SMS authentication allowed updating of someone else’s status via a text message. Twitter introduced a pin code option to resolve this vulnerability.
August 2008 – Twitter was attacked by cybercriminals who set up a specially crafted page with an ad for an erotic video. Clicking on the photo infected users with Trojan-downloader posing as a new version of Adobe Flash.
April 2009 – Twitter was hit by multiple variants of an XSS (cross-site scripting) worm. Thousands of messages containing the name ‘Mikey’ (the nickname of the author) were generated as the worm propagated.
June 2009 – Cybercriminals hijacked Twitter trending topics to serve malware. A malware serving campaign started abusing the trending systems to trick users into visiting bogus exclusive video sites and infect them with Malware.
July 2009 – A new Koobface modification enabled the infection to spread through Twitter users. Once an infected user attempts to log in to Twitter, Koobface hijacked the session and posted a tweet on behalf of the user in an attempt to infect the users followers.
May 2010 – A bug discovered allowed a malicious user to force others to follow them on Twitter.

“Security on Twitter has had an eventful history, even considering its relatively young age,” said Timothy Armstrong, security researcher at Kaspersky Lab. “There have been all sorts of different types of attacks from trending topics to hacked admins, to account hijacks, just to name a few.”

“Due to Twitter’s popularity and its constant security lapses as outlined above, the Federal Trade Commission brought charges against Twitter in mid 2010,” states Armstrong.

“As a result, Twitter had to adopt a number of new security policies, and now includes such security options as default Secure Sockets Layer (SSL) connectivity and OAUTH support for external Twitter clients.”

While measures have been put into place to mitigate security threats on Twitter, this site will continue to grow and achieve another five years of online social networking success.

“Considering this, it is therefore crucial for users to understand the types of malware activity that Twitter has experienced, as it remains a haven for active cybercriminals, for their own gain,” Armstrong concluded.

Kaspersky Lab has recently revealed that it has been ranked as the third largest vendor of consumer IT security software globally by research firm Gartner.

Twitter and cybercrime - a five year overview

Related Articles

Most Read Articles

Have Your Say