Cybercriminals targeting Twitter "trending topics"

Share this article:
Cybercriminals are using Twitter to propagate malicious links in an attack that's easier to mount than black-hat search-engine optimization (SEO), according to PandaLabs.

Twitter “trending topics” are the subjects being noted most by users of the site. Cybercriminals are now regularly "tweeting" about these topics, and including malicious links in their tweets, Sean-Paul Correll, threat researcher and security evangelist at Panda Security, told SCMagazineUS.com Thursday. For instance, on Wednesday, Google Wave was a popular Twitter topic and cybercriminals posted tweets such as, “Unreal Google Wave” containing a link that took users to a malicious site, Correll said.

“Over the last 24 hours there have been over 3,000 malicious tweets,” Correll said.

The malicious links take users to adult-themed sites that attempt to infect users with rogue anti-virus products, but cybercriminals can change the attack at any time, Correll said.

This type of threat distribution method indicates that cybercriminals are evolving their attacks to make use of new services offered on the internet. For criminals, taking advantage of Twitter trends is easier than launching a black-hat SEO attack, according to Correll. That's because, with black-hat SEO, cybercriminals must host content to get their malicious links at the top of search results, he said. Using Twitter, criminals are able to get malicious links in the search results for popular terms with the ease of a tweet.

“Blackhat relies on web hosting, and Google indexing material,” Correll said. “With this type of attack they don't need web hosting, they send links on various trend topics.”

Correll recommended not clicking on links in trending topics.

“Avoid clicking links in trending topics at all costs,” he said. “I don't think they are going to stop targeting these any time soon.”
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Reported breaches involving zero-day bug at JPMorgan Chase, other banks

Reported breaches involving zero-day bug at JPMorgan Chase, ...

Hackers exploited a zero-day vulnerability and gained access to sensitive information from JPMorgan Chase and at least four other financial institutions, reports indicate.

Data on 97K Bugzilla users posted online for about three months

During a migration of the testing server for test builds of Bugzilla software, data on about 97,000 Bugzilla users was inadvertently posted publicly online.

Chinese national had access to data on 5M Arizona drivers, possible breach ...

Although Lizhong Fan left the U.S. in 2007, the agencies responsible for giving him access to Americans' personal information have yet to disclose the details of the case to the public.