Hackers Target Twitter Users to Send Spam via Direct Messages

Twitter, a popular social networking website, is now being targeted by a new attack that attempts to compromise user accounts so as to distribute spam through direct messages.

Initially, it was thought that probably the attack was a result of social engineering or phishing that might have exploited some cross-scripting vulnerability, asking users to provide their usernames and passwords on fake websites pretending as Twitter's legitimate website.

However, Chris Shiflett, a New York-based PHP and application security specialist, strongly believes that a new variant of Koobface worm, which hunts for session ID cookies, is behind this attack. These worms are implanted on users' systems when they agree to stay logged onto Twitter and tick the "Remember Me" box, as reported by stuff.co.nz on November 13, 2009.

Although the exact magnitude of the assault is not known, still through anecdotal evidences, it can be said that the attack has affected thousands of users. Once the worm get access to the session cookies, it can easily log on to the networking site Twitter, and distribute direct messages to the victim's followers.

Security experts noted that as social networking websites continue to attract millions of users every month, the danger of account hijacks, spam and virus attacks also mounts. Various cases of hackers compromising these social networks have highlighted flaws in the system.

In fact, several such assaults have been reported on Twitter alone. These attacks typically include worms, which lands on Twitter due to phishing attacks on the site and the hacking of URL-shortening service. In October 2009, users were tricked by fake Twitter accounts into downloading scareware.

Besides this, in April 2009, a 17-year-old New York-based student Michael Mookey used cross-scripting vulnerability to develop a virus, which circulated thousands of automated tweets. Twitter recognized this attack; however, claimed that it had not lost any user-sensitive data.

Twitter, on the other hand, is not the only social media service being compromised by attackers for years. Symantec Corp, a Web security firm, in February 2008 identified that attackers were exploiting vulnerability in the Internet Explorer plug-in used on MySpace. A spam e-mail was sent to users, which led them to a phony log-in page. The moment they logged in, their username and password would be stolen.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 11/23/2009