Hundreds of Twitter Accounts Compromised by Spammers

Security researchers warn that over the weekend over 350 Twitter account were compromised and used to send out spam leading users to a website of a very questionable nature.

The tweets can have different messages, but they all seem to advertise a Web address ending in followed by a seemingly random number.According to Chester Wisniewski, a senior security advisor at antivirus vendor Sophos, the spammed links direct users to "a website that specializes in videos of 'cute young boys.'"

"Watch TV SHOWS On [url]", " Watch Cartoons Online @ [url]", "Watch Movies @ [url]", "Watch The Expendables Movie For Free [url]" or "Watch YOUR FAV SHOWS ON [url]" are examples of the spammed out messages.

The spammers appear to be using the direct API approach to send the messages as opposed to the newer and more complicated method of authorizing an application via OAuth. 

The API technique has historically been abused by spammers a lot. "Twitter has announced they will be discontinuing the old API method, and this is more proof that they can't do it soon enough," Mr. Wisniewski, notes.

It's not yet clear how the accounts used in this spam campaign have been compromised as they don't appear to have been registered specifically for this purpose.

Weak passwords is one of the possibilities and according to the Sophos researcher, the old API can be misused to launch brute force password guessing attacks.

"People choose very poor, easy-to-guess passwords for sites like Twitter, figuring that it is 'not an important site, like my bank.'

"They are playing right into the hands of the sickos who are perpetrating these attacks. Lesson? Use secure passwords everywhere... PLEASE,"  Chester Wisniewski writes on his Sophos blog.

In general, compared to how things were a year ago, the Twitter team has made significant progress in combating spam and other type of attacks on the microblogging website.

However, in this case the response seems to have been pretty slow, which was problematic since there was no shortened URL alias involved, that researchers could work to get suspended.

Follow the editor on Twitter @social_guide

{ 0 comments... read them below or add one }

Post a Comment