Security Weekly

Owned via Twitter

If you are a regular listener to our podcast, you will remember that Paul and I have just been waiting for the day when all those social media sites will get used for malware. Of course, Myspace, in our opinion, has been the “wretched hive of scum and villainy” for some time, and we have recently seen some issues with Facebook applications being used for creating botnets.
While I personally thought that the Facebook botnet was a neat concept: create a “legit app”, then update it later to include the bot goodies after lots of people are using it (man, those Scrabulous guys had it ALL wrong!), I must say I was completely underwhelmed by the recent malware distribution by a Twitter account.
This new distribution with Twitter posted a link to a photo gallery, which ultimately included some malware to harvest Orkut credentials. The Twitter post still required manual intervention from the user, and attempted to create some legitimacy of the account by having 17 other followers – all obvious fakes.
I will say that the features (or lack thereof) of Twitter really do make it hard at this point to deliver attacks, due to the lack of third-party applications, or scripting in posts. The only attack I can see at this point is something delivered through a malformed image, or in this case through a link that requires user intervention.
Of course, automatic URL shortening by Twitter makes this easier to get by users…so, the long and the short. Be careful what you click on on Twitter; it could be an exploit, or something NSFW.
Be safe, and don’t drink and use social networks.
– Larry “haxorthematrix” Pesce

Larry Pesce

Larry’s core specialties include hardware and wireless hacking, architectural review, and traditional pentesting. He also regularly gives talks at DEF CON, ShmooCon, DerbyCon, and various BSides. Larry holds the GAWN, GCISP, GCIH, GCFA, and ITIL certifications, and has been a certified instructor with SANS for 5 years, where he trains the industry in advanced wireless and Industrial Control Systems (ICS) hacking. Larry’s independent research for the show has led to interviews with the New York Times with MythBusters’ Adam Savage, hacking internet-connected marital aids on stage at DEFCON, and having his RFID implant cloned on stage at Shmoocon. When not hard at work, Larry enjoys long walks on the beach weighed down by his ham radio, (DE KB1TNF), and thinking of ways to survive the impending zombie apocalypse.
