Cybercriminals targeting Twitter "trending topics"

Share this article:
Cybercriminals are using Twitter to propagate malicious links in an attack that's easier to mount than black-hat search-engine optimization (SEO), according to PandaLabs.

Twitter “trending topics” are the subjects being noted most by users of the site. Cybercriminals are now regularly "tweeting" about these topics, and including malicious links in their tweets, Sean-Paul Correll, threat researcher and security evangelist at Panda Security, told SCMagazineUS.com Thursday. For instance, on Wednesday, Google Wave was a popular Twitter topic and cybercriminals posted tweets such as, “Unreal Google Wave” containing a link that took users to a malicious site, Correll said.

“Over the last 24 hours there have been over 3,000 malicious tweets,” Correll said.

The malicious links take users to adult-themed sites that attempt to infect users with rogue anti-virus products, but cybercriminals can change the attack at any time, Correll said.

This type of threat distribution method indicates that cybercriminals are evolving their attacks to make use of new services offered on the internet. For criminals, taking advantage of Twitter trends is easier than launching a black-hat SEO attack, according to Correll. That's because, with black-hat SEO, cybercriminals must host content to get their malicious links at the top of search results, he said. Using Twitter, criminals are able to get malicious links in the search results for popular terms with the ease of a tweet.

“Blackhat relies on web hosting, and Google indexing material,” Correll said. “With this type of attack they don't need web hosting, they send links on various trend topics.”

Correll recommended not clicking on links in trending topics.

“Avoid clicking links in trending topics at all costs,” he said. “I don't think they are going to stop targeting these any time soon.”
Share this article:

Sign up to our newsletters

More in News

Leahy bill would end bulk data collection, introduce reforms

Leahy bill would end bulk data collection, introduce ...

Sen. Patrick Leahy introduced an NSA reform bill that would update the USA Freedom Act.

House passes two cyber security bills

One bill aims to improve agencies' website security, while another works to thwart critical infrastructure attacks.

A five-month-long Tor attack attempting to 'deanonymize' users

For roughly five months beginning in January, traffic confirmation attacks were used to attempt to "deanonymize" Tor users.