Twitter Hack Initiates Spam & Rogueware Campaigns
According to ChannelWeb news reports published on August 10, 2009, spam and rogueware (scareware) increased sharply as DDoS attacks hit Facebook, Twitter and other social networking websites during early August 2009, attacks that apparently tried to stifle Cyxymu (a blogging website designed to promote Georgian issues).
Security specialists at McAfee said that cyber criminals, especially spammers and malware purveyors, have exploited the popularity of Cyxymu to manipulate search engine results and get their scareware websites into the search indexes.
The company's researchers further state that a malicious e-mail campaign consisting of links to Cyxymu blogs as well as references to Twitter accounts (showing a spoofed sender's address) started around 13:00 BST, many hours prior to a distributed denial of service (DDoS) assault hitting Facebook and Twitter.
Dmitri Alperovitch, a researcher at McAfee, said via a posting on the company blog that the DDoS attack was possibly meant to intimidate Cyxymu about the intended target in the attack, as reported by ChannelWeb.
Alperovitch observed that the malicious e-mail campaign spammed web-links to the blogger's website perhaps to send overwhelming traffic to the servers so that the systems might crash.
Moreover, security companies Arbor and McAfee performed a combined assessment of the 'Joe Job' spam messages. It indicated that the messages were crafted not to promote Viagra but to lure a user into clicking on a web-link so that the site it was connected to might be harmed, and that they spoofed the name of Cyxymu with the intention to dishonor that user. As a result, Twitter.com and other social networking sites might have been loaded with huge traffic, but the true destruction was performed later via the DDoS attack.
Security specialists say that the attack gradually became more sophisticated so that it couldn't be easily prevented, and partially originated from the bot network that also sent the first spam messages.
Meanwhile, researchers at SophosLabs stated via a posting on their blog that they spotted several spam mails after the attacks in which Cyxymu allegedly apologized in perfect English. The apparent apology had no connection with Cyxymu but actually tried to isolate the blogger.
» SPAMfighter News - 26-08-2009