Malicious tweets keep coming and changing

There is no end in sight for malicious postings on Facebook and Twitter. And although Facebook has become quite adept at spotting them and blocking the malicious links quickly, Twitter has yet to show the same readiness.

According to Sophos’ Chester Wisniewski, the attackers have been very busy this weekend. The subjects of the tweets in question were exceedingly diversified:

As far as he could tell, the bots used were replying to people on topics they were posting about at that moment – showing that the use of bots has evolved from just spamming users with one message “to fit them all” which was easily recognized as spam.

Another thing that surprised Wisniewski was the wide range of exploits and malware being used: “plain old trojans that expect you to install them, malicious Java code targeting vulnerabilities from the past year, malicious JavaScript redirects and poisoned document files.”

He also speculates that the possibility exists that the attackers are trying to set up a botnet for politically motivated DDos attacks, since five of the six malware variants he has analyzed report back to C&C centers in Muslim countries, and the topic of the tweets was the conflict in the Middle East.

But, as he himself notes in an earlier post, “criminals tend to be equal opportunity exploiters. By choosing a topic that inspires passion on both sides, they can get innocent surfers to succumb to their political fervor.” In other words – it pays to think twice before following a link from an unknown source.