Customized Malicious Twitter Posts Increasing at a Rapid Pace

In a recent report, security firm Trend Micro's spokesman Rik Ferguson has stated that malicious Twitter posts are becoming dangerously customized, thereby increasing the probability of users getting struck into malicious scams, reported Trend Lab malware Blog on July 27, 2009.

It has been merely two days when Twitter successfully cleared-out spambot accounts. At the moment, this new campaign is gaining speed, at a measured speed of 33 tweets per hour and hundreds of specially developed Twitter accounts are being used in this.

According to reports, a Twitter spambot have been used in this recent attack. The spambot fabricates Twitter accounts and makes them appear as legit accounts by posting apparently harmless Twitter posts, such as those sharing websites visited by them, or music they listen. The spambot accounts then send tweets to unaware users, sharing link to certain PC repair tool they purportedly came in contact with, stated Ferguson.

In the majority of cases, the creation of fake Twitter accounts predates the clean-up operations of Twitter; the accounts have been registered on July 20th and 21st in all the cases analyzed by the researcher.

Besides this, the suspected domain "doiop.com" is one among the several URL shortening websites which are currently mushrooming at a rapid pace. Though, it is not the first occasion it has served as a mediator for launching attacks.

Moreover, the recent attack's social engineering elements rotate around the rising sophistication of automated tweeting. On this occasion, the scam accounts are just not simply continuing to post one of the selected malicious tweets to the large population using Twitter. Also, they are not trying to cash in on the current news topics. This is because these techniques are familiar and easily detectable by the Twitter administrators, which leads to the quick shutdown of the fake accounts.

Experts have observed spammers conducting their activities in a number of ways; however, one is to track a large number of people on Twitter, hoping that some percentage will follow in turn. As per the security firm Sophos, one-fourth firms have been vulnerable to spam, malware or phishing attacks through social networking sites like Facebook, Twitter, MySpace and Linkedln.

Related article: Customer’s Data Leaked Out of a UK Loan Website

» SPAMfighter News - 8/12/2009