Twitter Attack May Have Its Origins in Malware

System administrators might be more pleased than dismayed when a social networking site such as Twitter locks out millions of users.

After all, conventional wisdom at companies suggests that no one except product marketers should be "tweeting" anyway. However, Thursday's denial-of-service (DoS) attack hitting Twitter is still noteworthy for IT security pros and administrators. Social networking appears here to stay, but such Web sites can be a launch pad for malware, phishing and spoofing attacks.

A Twitter blog indicated late on Thursday that its social networking site had faced a "massive, globally distributed attack," but that the service is mostly restored.

The Twitter DoS attack is said to have originated in Russia or the former Soviet republic of Georgia. It locked up a site that may support around 45 million users. The Twitter service promises a near real-time medium of information exchange, and when information moves that fast, so can malicious code.

"The Twitter outage was yet another case of growing pains with Twitter infrastructure simply not being able to keep up with the load associated with their rapid growth," said Paul Henry, security and forensics analyst at Lumension. "The onslaught of bogus messages that are directing users to malicious pages may in fact be overwhelming Twitter."

Meanwhile, some organizations are saying "No" to the social networking experiment. The U.S. Marine Corps this week banned Marines from using Twitter for a year, as well as Facebook.

The military service explained in a statement that social networking sites are generally "a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries." The U.S. Department of Defense is also putting social media technology under review.

Currently, a new version of the Koobface malware has been found in the wild that is using both Twitter and Facebook messages to lure potential victims to fake antivirus Web pages.

Twitter last month suspended several user accounts plagued by Koobface. Once a user is logged on to a social networking site, Koobface deploys fake messages, enticing a user's friend or follower to click on a link in the fake message. It's a textbook example of phishing.

The heavy use of URL-shortening on Twitter has made it nearly impossible to identify a link's destination domain. Consequently, it's easier to pass off a corrupt link as a trusted one through a Twitter message.

Twitter recently started filtering URLs to cut back on the amount of malware that users experience. However, Thursday's DoS attack might have been motivated more by spite than revenge, according to Randy Abrams, director of technical education at security firm ESET.

"Twitter's actions must have hurt the bottom line of some criminal organizations, but there are still other ways thieves can make money and they make none at all if Twitter is down," Abrams said. "This leads to the thought that either it is a revenge attack by a disgruntled idiot or an attempt to gain fame by a hacker with more technical skills than brains."

Whatever the reason for the attack, it is safe to say that as social networking grows in popularity and corporate use, so too will it grow as a vector for malicious activity that's just one "tweet" away.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

