Twitter Attack May Have Its Origins in Malware

System administrators might be more pleased than dismayed when a social networking site such as Twitter locks out millions of users.

After all, conventional wisdom at companies suggests that no one except product marketers should be "tweeting" anyway. However, Thursday's denial-of-service (DoS) attack hitting Twitter is still noteworthy for IT security pros and administrators. Social networking appears here to stay, but such Web sites can be a launch pad for malware, phishing and spoofing attacks.

A Twitter blog indicated late on Thursday that its social networking site had faced a "massive, globally distributed attack," but that the service is mostly restored.

The Twitter DoS attack is said to have originated in Russia or the former Soviet republic of Georgia. It locked up a site that may support around 45 million users. The Twitter service promises a near real-time medium of information exchange, and when information moves that fast, so can malicious code.

"The Twitter outage was yet another case of growing pains with Twitter infrastructure simply not being able to keep up with the load associated with their rapid growth," said Paul Henry, security and forensics analyst at Lumension. "The onslaught of bogus messages that are directing users to malicious pages may in fact be overwhelming Twitter."

Meanwhile, some organizations are saying "No" to the social networking experiment. The U.S. Marine Corps this week banned marines from using Twitter for a year, as well as Facebook.

The military service explained in a statement that social networking sites are generally "a proven haven for malicious actors and content and are particularly high risk due to information exposure, user generated content and targeting by adversaries." The U.S. Department of Defense is also putting social media technology under review.

Currently, a new version of the Koobface malware has been found in the wild that is using both Twitter and Facebook messages to lure potential victims to fake antivirus Web pages.

Twitter last month suspended several user accounts plagued by Koobface. Once a user is logged on to a social networking site, Koobface deploys fake messages, enticing a user's friend or follower to click on a link in the fake message. It's a textbook example of phishing.

The heavy use of URL-shortening on Twitter has made it nearly impossible to identify the domain a link actually points to. Consequently, it's easier to pass off a corrupt link as a trusted one through a Twitter message.

Twitter recently started filtering URLs to cut back on the amount of malware that users experience. However, Thursday's DoS attack might have been inspired more by spite than revenge, according to Randy Abrams, director of technical education at security firm ESET.

"Twitter's actions must have hurt the bottom line of some criminal organizations, but there are still other ways thieves can make money and they make none at all if Twitter is down," Abrams said. "This leads to the thought that either it is a revenge attack by a disgruntled idiot or an attempt to gain fame by a hacker with more technical skills than brains."

Whatever the reason for the attack, it's safe to say that as social networking grows in popularity and corporate use, so too will it grow as a vector for malicious activity that's just one "tweet" away.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

