Since Twitter has become mainstream, more and more people use it. Unfortunately that also includes spammers and hackers. And there aren’t many ways to protect yourself from malicious code.
The problem lies with the URL shortening services that are all over tweets and, by extension, Facebook and MySpace, to name a few. Those shortened URLs can go anywhere, and since they’re created on the fly, there’s no prior record of them. So how do you know where they go?
People are slowly becoming more accustomed to the techniques of spammers and hackers. Very slowly, but it’s happening. Not content with letting their source of funds dry up, these people are predictably changing their methods.
Picture this scenario… a brute force password-guessing attack is used on someone’s Twitter account. The account is compromised, and the hacker has access. They post a link on the timeline of the compromised account, and use a URL shortening service like tinyurl or bit.ly to obfuscate the true target… a malicious website that they (the hacker) have put up. And to make matters worse, the account that was compromised also updates the Facebook wall, and posts an item to the MySpace page, all at the same time.
Now… if you saw a link from a friend, would you think it was compromised?
Believing you’re protected or “smart enough to tell” isn’t always an answer either. In a 2008 National Cyber Security Alliance study, “(a)lmost 50 percent of respondents do not know how to determine if a Web site is safe before visiting it”. In a 2004 study by the same group (reference unavailable), over 60% of respondents did NOT have updated anti-virus signatures. The URL scanners bundled with many anti-virus programs won’t do the trick, because they get bypassed. And if it’s a new attack, the browser’s built-in protection won’t have had a chance to update its internal database of bad websites.
So what to do?
Well, the first step is to ensure that Windows patches are up to date, because that’s what most of the exploits are going after. Second, make sure your anti-virus is up to date, and set to update itself on a daily basis. And third, be aware that much of what is on the Internet is not a ‘Good Thing’. Be a little bit cynical. Alternatively, you can subscribe to a service that does all the security for you (like CPG Systems’ Total Guard Protection service) and manages the patches, anti-virus and anti-spyware to ensure they’re all up to date.
Either way, be sure to talk to your IT support folks, and be certain that your anti-virus (and technology) is being kept in check.