Video Screencast Help
Reality Check

Don’t Fall for Malicious ‘Tweets’

Created: 27 Jan 2010 • Updated: 03 Jun 2014
Ctrox's picture
0 0 Votes
Login to vote

There’s an old saying in security circles: Once something’s popular, it’s only a matter of time before the bad guys show up. The latest example: Twitter, the wildly popular microblogging site that lets you know what your friends are doing.

First came the phishing scams. Phishing “tweets” arrived last year in the form of direct messages -- essentially private texts that only Twitter friends can send and only you can see. Typically the message would say something like “Hey, check out this funny blog about you” with a URL attached. The link directed you to a site that looks exactly like the Twitter log in, only the address is twitter.access-logins.com/login/. If you fell for the trap and logged in, your Twitter name and password were captured.

The solution, according to Twitter, is simple. Don’t log in. If you suspect that your profile has already been stolen, use Twitter's “reset password link,” which will send an email to the address on your account so you can create a new password.

Of course, it wasn’t long before scammers got a bit more creative.

Last summer saw a wave of fake Twitter invitations that came carrying a mass-mailing worm. The observed messages appeared as if they had been sent from a Twitter account; however, unlike a legitimate Twitter message, there was no invitation URL present in the body. Instead, the user would see an attachment that appears as a .zip file that purportedly contains an invitation card.

Invitation Card.zip is the name of the malicious attachment, and it was identified as W32.Ackantta.B@mm, which was first discovered in an e-card virus attack early last year. W32.Ackantta.B@mm is a mass-mailing worm that gathers email addresses from the compromised computer and spreads by copying itself to removable drives and shared folders.

Watch out for those tiny URLs

More recently, threats have sought to capitalize on the 140-character limit of tweets. To get around the problem of sharing Web pages with long URLs, URL-shortening utilities have grown in popularity on Twitter. Using such tools allows you to include a link that is well within the 140-character limit, redirecting anyone who clicks it to the longer URL that you wanted to share.

There’s just one downside here. From a security point of view, you have no idea where the link leads until you click it. Clicking a link like this is entirely a security leap of faith.

Not surprisingly, malware authors have caught on to this and have begun distributing misleading applications that employ these shortened URLs. Using enticing tweets and commonly used twitter search terms, they aim to get users to click on their links, leading to malicious code.

How can you protect yourself? Fortunately, both Firefox and Internet Explorer offer browser plug-ins that will check a shortened URL and show you the final URL before you click on it. While this won’t tell you for sure if the link is malicious, it at least allows you to look more carefully before clicking.

To watch a video of one of these malicious tweets in action, check out this Symantec security blog.

As Twitter continues to attract social networking users, we can expect to receive more and more invitations and email updates from fellow users. Keep in mind that scammers and spammers will also continue to use Twitter and other popular social networks as bait in their attacks.