Cybercriminals targeting Twitter "trending topics"

Share this article:
Cybercriminals are using Twitter to propagate malicious links in an attack that's easier to mount than black-hat search-engine optimization (SEO), according to PandaLabs.

Twitter “trending topics” are the subjects being noted most by users of the site. Cybercriminals are now regularly "tweeting" about these topics, and including malicious links in their tweets, Sean-Paul Correll, threat researcher and security evangelist at Panda Security, told SCMagazineUS.com Thursday. For instance, on Wednesday, Google Wave was a popular Twitter topic and cybercriminals posted tweets such as, “Unreal Google Wave” containing a link that took users to a malicious site, Correll said.

“Over the last 24 hours there have been over 3,000 malicious tweets,” Correll said.

The malicious links take users to adult-themed sites that attempt to infect users with rogue anti-virus products, but cybercriminals can change the attack at any time, Correll said.

This type of threat distribution method indicates that cybercriminals are evolving their attacks to make use of new services offered on the internet. For criminals, taking advantage of Twitter trends is easier than launching a black-hat SEO attack, according to Correll. That's because, with black-hat SEO, cybercriminals must host content to get their malicious links at the top of search results, he said. Using Twitter, criminals are able to get malicious links in the search results for popular terms with the ease of a tweet.

“Blackhat relies on web hosting, and Google indexing material,” Correll said. “With this type of attack they don't need web hosting, they send links on various trend topics.”

Correll recommended not clicking on links in trending topics.

“Avoid clicking links in trending topics at all costs,” he said. “I don't think they are going to stop targeting these any time soon.”
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data ...

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Report: Intrustion prevention systems made a comeback in 2013

Report: Intrustion prevention systems made a comeback in ...

A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.

Mobile device security sacrificed for productivity, study says

Mobile device security sacrificed for productivity, study says

A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.