If you are a regular listener to our podcast, you will remember that Paul and I have just been waiting for the day when all those social media sites will get used for malware. Of course, Myspace, in our oppinion, has been the “wretched hive of scum and villainy” for some time, we have recently seen some issues with Facebook application being used for creating botnets.
While I personally thought that the Facebook botnet was a neat concept; create a “legit app”, then update it later to include the bot goodies after lots of people of using it (man, those Scrabulous guys had it ALL wrong!), I must say I was completely underwhelmed by the recent malware distribution by a Twitter account.
This new distribution with Twitter posted a link to a photo gallery, which ultimately included some malware to harvest Orkut credentials. The Twitter post still required manual intervention from the user, and attempted to create some legitimacy of the account by having 17 other followers – all obvious fakes.
I will say that the features (or lack there of) of Twitter, really do make it hard at this point to deliver attacks, due to the lack of third party applications, or scripting in posts. The only attack I can see at this point is something delivered through a malformed image, or in this case through a link that requires user intervention.
Of course automatic URL shortening by Twitter make this easier to get by users…so, the long and the short. Be careful what you click on on Twitter; it could be an exploit, or something NSFW.
Be safe, and don’t drink and use social networks.
– Larry “haxorthematrix” Pesce