Dark Reading
Risky Business
Do more than just cursory scans. Develop
a holistic approach to app security.
Find out how!
Learn to take the ambiguity out of managing IT so you can guide your business forward.
Download now!
Use these tips from Gartner to identify the EPP solution that best suits your business.
Download now!
Twitter Suspends User Accounts Infected With Koobface Worm
Researchers say worm sends tweets with a variety of URLs that lead victims to malware infectionJul 10, 2009 | 04:35 PM
By Kelly Jackson HigginsDarkReading
Twitter is warning members that the Koobface worm is on the loose in the Twitterverse, and that the social network is temporarily suspending any accounts it discovers spreading the worm.
In a blog post last night, Twitter said some Twitter users' PCs were infected with a variant of Koobface, which sends phony tweets when the infected user logs onto his or her Twitter account.
"We are currently suspending all accounts that we detect sending such bogus tweets. If we suspend your account, we will send you an email notifying you of the suspension. This email also includes tips for removing the malware from your PC," the Twitter blog said.
As in previous attacks on other social networking sites, the worm's mode of infection is a phony video link that, when clicked, infects the user with the worm. Among the Koobface tweets are messages similar to ones Koobface used on Facebook -- "My home video," "Watch my new private video! LOL :)" and some links purportedly to Michael Jackson video clips, according to Graham Cluley, senior technology consultant for Sophos. Cluley blogged about the attacks today.
Koobface has been used to target users on Facebook, MySpace, and other social networking sites during the past year, spreading via an infected member's profile to his friends' profiles.
And the worm won't die: Kaspersky Lab has reported a big surge in the number of Koobface variants in June, to about 1,000 -- up from 324 in May.
Trend Micro researchers had detected the jump in Koobface activity last night and this morning; the worm sent tweets with a variety of URLs that lead to the malware. "This is in contrast with previous Koobface Twitter activity wherein only three TinyURLs pointing to Koobface were used," blogged Ryan Flores, advanced threats researcher for Trend Micro, which initially detected hundreds of infected Twitter accounts in just a few hours last night.
It was unclear at this posting just how many accounts had been affected and suspended by Twitter. Twitter had not responded to requests for an interview and update on the attack.
Koobface is the latest of a series of attacks lobbed at Twitter recently -- the microblogging site also was hit with a pair of phishing attacks in May.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.
China Shutters Hacker 'Boot Camp' 02/09/2010
Hacker Unleashes BlackBerry Spyware Source Code 02/08/2010
The Evolving Malware Threat: Is Your Organization Protected from All Angles? 02/17/2010
Daily log review sucks, here's how to make it easier 01/28/2010
DIGITAL ASSETS
The Tangled Web: Silent Threats & Invisible Enemies
02/02/2010
From the Field: A Hacker's Story
02/01/2010
Subscribe to RSSChina Shutters Hacker 'Boot Camp'
GAO Report: NASA Still Facing Weaknesses In IT Security
Hospitality Industry Hit Hardest By Hacks
MORE KEYHOLE
Published:2010-01-22
Severity:High
Description:SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
Published:2010-01-22
Severity:High
Description:The URL validation functionality in Microsoft Internet Explorer 7 and 8 does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
Published:2010-01-22
Severity:Medium
Description:ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
Published:2010-01-22
Severity:High
Description:Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.
|
