Twitter worm spreading malicious goo.gl links?
Posted on 07.12.2010
A new Twitter worm seems to be burrowing its way across the service, apparently forcing mobile Twitter users to retweet a goo.gl shortened link which they clicked on themselves.

So far, there are two versions of the link (http://goo.gl/R7f68 and http://goo.gl/od0az), but there are likely to be more. The worm piqued the curiosity of many users, since the message consists of the link and nothing else - no explanation, no hint.


The Next Web used a tool that lets users check where the shortened link will take them before they click on it, and it turns out that the destination is http://artcan-developpement.fr/tw.html, a legitimate but compromised site of a French furniture company.

"The bit after the slash of course redirects to various exe or php files on several other domains (e.g. detecproforyou.us/twit.php or robsearch.info/tre/sena.exe) then results in a 404 for that file. But at the source for that page and it's empty," said a commenter to the site.
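The kind of pre-click check described above can be sketched in a few lines. This is an added example, not code from the article or from the tool The Next Web used: it walks a shortened link's redirect chain with HEAD requests only and flags a final destination that looks like an executable. The names `expand`, `report` and the `RISKY_EXT` list are assumptions made for illustration.

```python
import http.client
import sys
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)
RISKY_EXT = (".exe", ".scr", ".msi", ".bat")  # assumption: file types worth flagging


def expand(url, max_hops=10, timeout=5):
    """Return the redirect chain from `url`, using HEAD only (no body fetched)."""
    chain = [url]
    while len(chain) <= max_hops:
        parts = urlsplit(chain[-1])
        if parts.scheme not in ("http", "https"):
            break  # never follow javascript:, data:, file: and the like
        cls = (http.client.HTTPSConnection if parts.scheme == "https"
               else http.client.HTTPConnection)
        conn = cls(parts.hostname, parts.port, timeout=timeout)
        try:
            target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
            conn.request("HEAD", target)
            resp = conn.getresponse()
            status, location = resp.status, resp.getheader("Location")
        finally:
            conn.close()
        if status not in REDIRECTS or not location:
            break  # final answer (200, 404, ...): the chain ends here
        nxt = urljoin(chain[-1], location)  # Location may be relative
        if nxt in chain:
            break  # redirect loop
        chain.append(nxt)
    return chain


def report(chain, short_host):
    """Summarise a chain for the person deciding whether to click."""
    final = urlsplit(chain[-1])
    return {
        "final_url": chain[-1],
        "hops": len(chain) - 1,
        "left_shortener": final.hostname != short_host,
        "risky_file": final.path.lower().endswith(RISKY_EXT),
    }


if __name__ == "__main__" and len(sys.argv) > 1:
    hops = expand(sys.argv[1])
    print("\n".join(hops), report(hops, urlsplit(sys.argv[1]).hostname), sep="\n")
```

Redirects performed in HTML or script are not followed; the chain stops at the first non-3xx response, and some servers answer HEAD differently from GET.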

Whether these sites are meant to serve malware is not yet clear, but the real issue here is that they might, so Twitter needs to find out soon how this worm spreads and stop it in order to prevent further mischief.

"We're aware and have sent out password resets for affected users. We'll monitor the situation in case of further iterations," stated Twitter representative Troy Holden to TechCrunch in the meantime.

A third instance of a goo.gl shortened link has also been spotted, and it's not yet clear if there is any connection with the worm. This time, the message contains more than just a link - it advertises a service to track "who follows and unfollows you".

In any case, for the time being, it's best to avoid clicking on these and similar links - especially if you're checking your account via your cell phone.






Copyright 1998-2014 by Help Net Security.