Twitter Worms Get More Attention, but Is It Enough?


I can't do this in 140 characters, so bear with me. Twitter has become a player in some major organizations. Many users look to Twitter for Tweets from CEOs, engineers, and subject matter experts on topics ranging from new products, financial advice and security to just about everything else you could possibly think of.


Symantec Security Response has identified a new variant of the W32.Koobface (W32.Koobface.C) worm that is targeted toward Twitter. The worm works when an unsuspecting user clicks on a Tweet that looks like one of the following:


My home video:)

Watch my new private video! LOL:)

MichaelJackson' testament on YouTube


These are really links that redirect a user to a site to download a codec to watch a video. The worm then hijacks a user's session and posts a Tweet to all of a user's followers.


Symantec advises that users download the most up-to-date security software and avoid clicking on links that advertise a video.


As enterprises use these social networking sites more and more as part of a business model, they need to understand -- and take seriously -- the fact that hackers are aggressively targeting these sites as well. The security warnings about Twitter started as soon as the site did, but don't seem to have sunk in very well. And now, the quickly growing list of third-party programs that most Twitter users eat up like candy is making the situation more dangerous by the day. In fact, July is the "Month of Twitter Bugs," at least according to security researcher Aviv Raff. From URL-shortening sites to aggregators and mobile platforms, he's taking a look and alerting Twitter and the third-party providers to the vulnerabilities. His aim is to reduce the opportunities for worm creation. You can track the progress on fixes for all of these vulnerabilities on the TwitPwn site.