This may not seem like surprising news, considering hackers tend to hang out where they are sure to get the most eyeballs, but the issue itself is of enough concern to warrant forewarning. Dmitry Bestuzhev of Kaspersky Labs has done some research and uncovered a Twitter profile which promises a pornographic video, but links to a site offering a fake update, styled to look like Adobe Flash, that is supposedly required to view the video. This update, of course, is malware in disguise which installs 10 trojans that are tailored to look like MP3 files.
The attack is dangerous for a few key reasons. First, it’s inexpensive to do. Bestuzhev goes on to say that the bad guy only needs a server and a few purchased trojans. Second, public Twitter profiles can be seen on the main site and are indexed by Google and other search engines. This means that the more popular the fake profile is, the more likely it is to be linked to from a search result.
The concept of Twitter makes these security concerns more real. Because there is a 140 character limit, users often avoid posting in proper English and resort to sites like TinyURL to share web pages with their followers. A shortened link hides its destination, which increases the likelihood of someone clicking a link by mistake. Even if this attacker is one of the only ones out there, the reality is that this trend can certainly continue.
Social websites like Facebook and MySpace have attracted a great deal of attention as targets of opportunity for phishing scams, but they are scarcely the only two social networking sites. New information suggests that hackers have tuned in to the newfound popularity of microblogging, and are at the very least evaluating Twitter as a potential target.