Help Twitter to Nail Spammers

October 14, 2009 by admin  
Filed under Security News

Today we’ve added another tool to our spam fighting toolbox that will give users the ability to flag bad accounts on Twitter.

 

Folks can now help us conquer spam by calling our attention to a profile they find questionable. Click the “Report as spam” button under the Actions section of a profile’s sidebar and our Trust and Safety team will check it out to see what needs to be done. No automated action will be taken as a result of reporting a user as spam (in other words, it can’t be used to incite an angry mob against an account you don’t like.) And once you report a profile it will automatically be blocked from following or replying to you. You nailed it!


Our spam fighting tools will continue to evolve as new behaviors emerge, and as always, we’ll keep trust and safety at the top of our list.

 

by  jennadawn from Twitter

 

8 Things You Probably Didn’t Know About KOOBFACE

October 10, 2009 by admin  
Filed under Security News


You’ve probably read or heard about KOOBFACE malware propagating through social networking sites such as Facebook, MySpace, and Twitter. A lot of analysis is available online through blogs or malware descriptions. But I bet most of you probably still do not know some or all of these things about KOOBFACE.

 

  1. KOOBFACE knows: KOOBFACE has the capability to steal whatever information is available in your Facebook, MySpace, or Twitter profile. Profile pages of these social networking sites may contain information about one’s contact details (address, email, phone), interests (hobbies, favorite things), affiliations (organizations, universities), and employment (employer, position, salary). So beware, KOOBFACE knows a lot!
  2. KOOBFACE doesn’t just know you through your profile information, they also know what you look like!: Not only does the botnet steal profile information, it also makes sure to put a face to the name by getting one’s profile picture as well.
  3. URLs leading to KOOBFACE malware are either in compromised or free Web hosting sites: Yep, call them cheap but the guys behind KOOBFACE are making good use of compromised and free Web hosting sites in spamming KOOBFACE-related URLs. These URLs are spammed in social networking sites with catch phrases like “funny video,” which lead to a fake YouTube or Facebook site, which then leads to KOOBFACE malware.
  4. KOOBFACE zombies are made into Web servers on top of being social networking site spammers: KOOBFACE installs a Web server component into infected machines, which effectively makes the infected machine part of the malware’s distribution network. Infected machines serve fake YouTube or Facebook pages, which then lead to the KOOBFACE malware.
  5. KOOBFACE zombies are able to distribute repackaged versions of the malware: KOOBFACE Web servers are able to use UPX, a popular executable packer program, to pack (compress) the KOOBFACE binaries they serve.
  6. Half of KOOBFACE infections occur in the United States: This is not surprising since the majority of social networking site users reside in the United States.
  7. KOOBFACE is able to block IP addresses: Probably in an effort to protect itself against takedown or snooping by curious researchers, KOOBFACE implemented a blockIP routine where traffic coming from a particular IP range is blocked.
  8. KOOBFACE is able to defeat Facebook’s spam filtering: Facebook, MySpace, and Twitter have recently implemented a spam-filtering mechanism where known spam URLs are blocked. KOOBFACE tries to circumvent this by first testing if a KOOBFACE spam URL is blocked by Facebook or not.


So there, some things you may not know about KOOBFACE. If this whets your appetite for more information, you may read our research paper The Heart of KOOBFACE: C&C and Social Network Propagation, fresh off the grill from the White Papers section of TrendWatch.

 

by Ryan Flores from trendmicro

Fake Anti-virus Attack on Twitter

September 22, 2009 by admin  
Filed under Security News

A couple of hours ago Jack Schofield, a technology journalist at the Guardian newspaper, warned Twitter users about a fake anti-virus attack that is being distributed via the micro-blogging network.

 

A number of Twitter accounts are promoting a link via the Metamark URL shortening service:


[Image: twitter fake anti virus]

Clicking on the links, however, will take you to a webpage hosting fake anti-virus (also known as scareware or rogueware) which will try and frighten you into believing that you have security problems on your computer.

 

Ultimately you end up on a group of servers based in Toronto. SophosLabs has known about these servers since June, and has been blocking access to them since then with our Web Security Appliance.

 

As is the norm, the alarming security warnings pressure you into downloading an executable program to your PC. Sophos is adding detection for this code as Troj/FakeVir-PC.

 

Metamark’s xrl.us URL shortening service is nothing like as well known as more common alternatives like Bit.ly and TinyURL which means some plugins which try and verify the destination of a shortened link may do a poor job of giving you reliable information.

 



By Graham Cluley, Sophos


Not just Twitter, Jaiku too (Banker Trojan)

August 17, 2009 by admin  
Filed under Security News

Arbor Networks reported that malware (which we detect as Trojan-Banker.Win32.Banker.alwa and Trojan-Banker.Win32.Banker.alwe) was using Twitter as a control system to command infected machines.


But it’s not just Twitter being used by this malware, but Jaiku as well.


You might never have heard of Jaiku, but it’s very similar to Twitter. And it’s being used in the same way, with someone sending commands encrypted in Base64 to an account:


[Image: 208187824]

Decrypting some lines we can see two links:

http://bit.ly/******

http://bit.ly/******


that lead to a page with more Base64 code:


[Image: 208187823]

This code gets downloaded by the malware, decrypted and saved as an infection component, updating the malware sitting on compromised machines.
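
A defender-side sketch of the pattern described above, added here and not taken from the original article: it scans status-update text for Base64 tokens that decode to URLs, which is how the posts in this campaign carried their bit.ly links. The sample posts, the `example.test` domain and all function names are constructed for illustration.

```python
import base64
import binascii
import re

# Runs of the Base64 alphabet long enough to hide a URL (24 chars = 18 bytes).
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
URL = re.compile(r"https?://[^\s\"'<>]+")


def decode_candidate(token):
    """Return decoded text if token is valid Base64 of printable ASCII, else None."""
    if len(token) % 4:
        return None
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, ValueError):  # bad alphabet/padding or non-ASCII bytes
        return None
    if not all(c.isprintable() or c in "\r\n\t" for c in text):
        return None
    return text


def find_encoded_urls(post):
    """Return URLs that become visible only after Base64-decoding tokens in a post."""
    hits = []
    for match in B64_RUN.finditer(post):
        decoded = decode_candidate(match.group(0))
        if decoded:
            hits.extend(URL.findall(decoded))
    return hits


def flag_posts(posts):
    """Map post index -> hidden URLs, for posts that carry encoded links."""
    flagged = {}
    for i, post in enumerate(posts):
        urls = find_encoded_urls(post)
        if urls:
            flagged[i] = urls
    return flagged


# Constructed sample feed; example.test is a reserved placeholder domain.
_hidden = base64.b64encode(
    b"http://short.example.test/abc123\nhttp://short.example.test/def456"
).decode()
SAMPLE_POSTS = [
    "Having coffee and reading the news this morning",
    _hidden,                                   # encoded pair of links
    "Check out my photos at http://photos.example.test/album",
    "status " + "A" * 40,                      # valid Base64, decodes to NUL bytes
]

if __name__ == "__main__":
    for idx, urls in flag_posts(SAMPLE_POSTS).items():
        print(idx, urls)
```

A token glued to other alphanumeric text without a separator will be misaligned and missed, so treat a clean result as "nothing obvious", not as proof that a feed is benign.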


So Brazilian cybercriminals are right on the money when it comes to finding new attack vectors; although Jaiku isn’t anywhere near as popular as Twitter, this attack shows they’re out to find as many victims as they can.


Source: viruslist.com


Was Twitter denial-of-service targeting anti-Russian blogger?

August 11, 2009 by admin  
Filed under Security News

Today isn’t just the day after Twitter disappeared for a few hours. It’s also the first anniversary of Georgian troops moving into South Ossetia, an incident which led to conflict between the Russian and Georgian armies last year.


Perhaps surprisingly, the two may not be disconnected.


The major DDoS campaign which brought Twitter to its knees yesterday (and mildly impacted the likes of Facebook, LiveJournal, Google’s Blogger and possibly YouTube service) may have actually set out to silence only one person – an anti-Russian blogger called Cyxymu from Tbilisi.


This raises the astonishing thought that a vendetta against a single user caused Twitter to crumble, forcing us to ask serious questions about the site’s fragility.


Facebook’s Chief Security Officer Max Kelly told CNET News that a political blogger using the online name “Cyxymu” – who had accounts on Twitter, Facebook, LiveJournal and Google’s Blogger and YouTube services – was targeted in the co-ordinated denial of service attack.


According to Kelly, the pro-Georgian blogger’s accounts on the different sites were attacked simultaneously.


It’s not currently possible to access Cyxymu’s LiveJournal pages (although they can be read via a Google cache, as you can see in the screengrab below).


[Image: cyxymu small]

Cyxymu’s LiveJournal page claims that he has been the victim of a “Joe Job” attack. It is claimed that a large number of emails have been spammed out, claiming to come from Cyxymu’s Gmail address, containing links to his various accounts (including, in the example below, his YouTube account):

[Image: cyxymu email]

Now, imagine you received one of these emails. You would be pretty annoyed right? Most people’s natural instinct is to get angry about whoever sent you the unsolicited email promoting his blog or YouTube channel.


But if the emails weren’t actually sent by Cyxymu, but by someone else trying to muddy Cyxymu’s name and perhaps try and trick websites into erasing Cyxymu’s accounts for inappropriate behaviour, then your anger and frustration might be being vented at the wrong person.


In other words, Cyxymu may have been set up as a scapegoat by the spammer – with the intention of having their anti-Russian webpages removed.


Cyxymu himself claims on his LiveJournal page that he has been flooded with “out-of-office” replies from people the spam has been sent to, even though he claims not to have sent it himself.


Some media reports have suggested that the surge in internet traffic that crippled Twitter wasn’t the result of a distributed denial-of-service attack, but caused by spam recipients clicking on the links to Cyxymu’s webpages.


I don’t think that’s likely. Most people wouldn’t have bothered clicking on the link.


However, I think it is possible that the spam campaign was either run alongside the denial-of-service from compromised computers around the world, or that someone who wasn’t responsible for the Joe Job decided to wreak revenge on whoever they believed to have spammed them (and they might have imagined it was Cyxymu) by launching a DDoS from their botnet.


Meanwhile, Cyxymu’s YouTube channel is still available. It contains a number of videos, many related to skirmishes between Russians and Georgians:

 

 

Cyxymu’s Twitter page is also available for anyone to see:

[Image: cyxymu twitter]

Could these have been the webpages that the denial-of-service attack was trying to blast off the internet?

By the way, long term readers of the Clu-blog may recall that I have blogged about cyber warfare between Russia and Georgia before. Read “Conflict between Russia and Georgia turns to cyber warfare” and “Update on website attacks in Georgia and Russia” for instance.


by Graham Cluley, Sophos

Twitter Has Been Taken Offline by an Ongoing Denial Of Service Attack.

August 6, 2009 by admin  
Filed under Security News


Twitter has been knocked offline by a denial of service (DoS) attack.

 

The popular social networking site has been offline for more than an hour, with a message on its status page saying: “We are defending against a denial-of-service attack.”

 

On the Twitter blog, co-founder Biz Stone wrote: “On this otherwise happy Thursday morning, Twitter is the target of a denial of service attack.”

 

“Attacks such as this are malicious efforts orchestrated to disrupt and make unavailable services such as online banks, credit card payment gateways, and in this case, Twitter for intended customers or users,” he said.

 

Twitter has promised an update soon. The site has suffered outages before, but normally because of sudden upswings in traffic.

 

Source www.itpro.co.uk


Twitter Filters Tweets

August 6, 2009 by admin  
Filed under Security News

[Image: twitterfiltering2]

Micro-blogging site Twitter has recently begun filtering tweets containing links to malicious sites.

 

The tactic was first noticed by security researchers on Monday but has yet to be officially announced by Twitter. It has been designed to prevent surfers from being automatically redirected to sites packed with dangerous exploits.

 

The widespread use of URL shortening in tweets (which can be no longer than 140 characters) makes it easy to hide the true destination of links in Twitter. The site has thus adopted this approach, following the increased worm, spam, and account-hijacking attacks targeting it.

 

Whenever a Twitter user attempts to post a link to a known malware/phishing URL, the message “Oops! Your tweet contained a URL to a known malware site!” appears and, after a few seconds, the tweet is deleted.

 

But the question “Does the feature really work?” remains.

 

Trend Micro Advanced Threats Researcher Ryan Flores says, “Twitter is filtering malicious sites as a ‘free service’ so we cannot expect it to provide the best protection. After all, this is not Twitter’s core business, micro-blogging is.”

 

In fact, earlier analysis revealed that the site’s filtering service still cannot block Koobface-related URLs as shown in the figure on the left.

 

Because it has been a favorite cybercriminal target lately, we cannot blame Twitter for trying but we should not expect too much too soon as well. The effort is a good first step for the site but users should not be complacent just because it is trying to block malicious sites (albeit ineffectively) from being posted as legitimate tweets.

 

Trust issues are not fundamentally different from other Web, email, and link techniques out there. It all comes down to context and being sufficiently aware of not blindly opening everything others suggest you do.

 

Twitter Using Google Blacklist To Filter Malicious Links

August 5, 2009 by admin  
Filed under Security News

 


Twitter has quietly started using a Google blacklist of suspected phishing and malware pages to filter malicious URLs leading to known malware sites.


Twitter hasn’t announced it, but F-Secure’s chief research officer Mikko Hypponen revealed how it was starting to filter tweets that linked to known malware sites.


According to this blog post, users are given a warning message when they attempt to click on a link that leads to a blacklisted site.


He later confirmed – on Twitter – that the microblogging site was using Google Safe Browsing API, an experimental API that allows client applications to check URLs against an updated Google blacklist.


Twitter has become a bigger target for hackers taking advantage of its explosion in popularity.


This Easter, Twitter suffered four separate worm attacks that encouraged users to click on a link which infected them and made them automatically send out messages to friends with the same link.


Twitter had not replied to a request for comment at the time of writing.


By Asavin Wattanajantra from www.itpro.co.uk


Take Easy Backup Your Facebook, Twitter & Gmail

July 27, 2009 by Manoj  
Filed under Protection Tools


Take Easy Backup Your Facebook, Twitter and Gmail Info 

Today millions of people are enjoying the connections made through social networks like Facebook, MySpace and Twitter. However, as these once strictly for fun networks evolved into serious communication tools, the value of the information stored on these sites has increased exponentially. Unfortunately, these sites offer little in the way of backing up the information that is contained in their user accounts. This is where social media backup services come into play.


AddFollowers spam hits Twitter accounts (Video)

July 15, 2009 by admin  
Filed under Security Channel
