Twitter Suspends User Accounts Infected With Koobface Worm
Researchers say worm sends tweets with a variety of URLs that lead victims to malware infection
Twitter is warning members that the Koobface worm is on the loose in the Twitterverse, and that the social network is temporarily suspending any accounts it discovers spreading the worm.
In a blog post last night, Twitter said some Twitter users' PCs were infected with a variant of Koobface, which sends phony tweets when the infected user logs onto his or her Twitter account.
More Security Insights
- Forrester Study: The Total Economic Impact of VMware View
- Securing Executives and Highly Sensitive Documents of Corporations Globally
- Simple, Effective Patch Management: From Dilemma to Done Deed
- Thwart off Application-Based Security Exploits: Protect Against Zero-Day Attacks, Malware, Advanced Persistent Threats
"We are currently suspending all accounts that we detect sending such bogus tweets. If we suspend your account, we will send you an email notifying you of the suspension. This email also includes tips for removing the malware from your PC," the Twitter blog said.
As in previous attacks on other social networking sites, the worm's mode of infection is a phony video link that, when clicked, infects the user with the worm. Among the Koobface tweets are messages similar to ones Koobface used on Facebook -- "My home video," "Watch my new private video! LOL :)" and some links purportedly to Michael Jackson video clips, according to Graham Cluley, senior technology consultant for Sophos. Cluley blogged about the attacks today.
Koobface has been used to target users on Facebook, MySpace, and other social networking sites during the past year, spreading via an infected member's profile to his friends' profiles.
And the worm won't die: Kaspersky Lab has reported a big surge in the number of Koobface variants in June, to about 1,000 -- up from 324 in May.
Trend Micro researchers had detected the jump in Koobface activity last night and this morning; the worm sent tweets with a variety of URLs that lead to the malware. "This is in contrast with previous Koobface Twitter activity wherein only three TinyURLs pointing to Koobface were used," blogged Ryan Flores, advanced threats researcher for Trend Micro, which initially detected hundreds of infected Twitter accounts in just a few hours last night.
It was unclear at this posting just how many accounts had been affected and suspended by Twitter. Twitter had not responded to requests for an interview and update on the attack.
Koobface is the latest of a series of attacks lobbed at Twitter recently -- the microblogging site also was hit with a pair of phishing attacks in May.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.