It’s just a matter of when: Context aware twitter malware/spam

: @orinthomas

Twitter malware and spam uses a pretty straightforward attack vector. You get a twitter message from an account (usually with an attractive female avatar) telling you that you’ll get something awesome if you click on the helpfully provided link. Most people don’t click, because they realize that if a hot chick sends you a link on twitter claiming you’ll win a free iPad, it’s probably not legit. If you do visit the site at best you’ve been spammed. At worst it hosts malware that tries to infect your computer.


Today’s twitter spam is quite crude. With the sort of twitter analytics provided by sites like Klout, I imagine that it will become a lot more sophisticated. Klout (and sites like it) allow you to quickly determine what a person’s interest are based on their twitter output. If you were trying to get someone to click on a link to infect them with malware, you’re going to be far more successful if you are hitting a topic that they are clearly interested in than a random promise of a popular product like an iPad.


Random people do legitimately send you links about stuff you are interested in on twitter. If someone tweeted me with a link to a topic I’d just tweeted about, I’d be a lot more likely to click on it than I would a random link sent without context.

So a belated security prediction – twitter link spam will get a lot more context aware in 2012 and it’s going to be difficult to make an eyeball determination whether someone you don’t know has sent you a link because they follow you and they think you will be interested in a topic, or they are just trying to spam you, possibly to a link that contains a browser exploit.

--

My new book: Windows Server 2008 R2 Secrets. It is a book for experienced Windows administrators who are new to Windows Server 2008 R2 and don't need a lot of basic introductory level material:

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish