// IP Marketing video - START// IP Marketing video - END

Twitter hit by avalanche of malicious tweets

Twitter hit by avalanche of malicious tweets

PanARMENIAN.Net - Twitter has been hit by an avalanche of malicious tweets that are being sent by thousands of compromised user accounts. The ongoing attack, which was about two hours old and showed no signs of abating as this post was about to go live, appeared to be linked to security breaches affecting third-party sites and apps, Ars Technica reported.

Early on, every single one of the tweets viewed by Ars contained the tag "via weheartit.com," prompting speculation the compromised Twitter accounts were linked to the social network by that name, which hosts services for image sharing and promotion. Later on, however, tweets that were part of the same campaign carried tags showing they were transmitted by apps such as the Twitter for iPhone, making it unclear exactly what was the source of the non-stop torrent, the report says.

In an e-mail, We Heart It President Dave Williams wrote: "We are definitely seeing some malicious activity which we have now blocked and are investigating further. Unfortunately I don't have any other information I can share at this point."

We Heart It representatives later took to Twitter to say sign-in and sharing over Twitter had been temporarily disabled, according to Ars Technica.

The malicious tweets all contained words that should be familiar to anyone who has ever received spam: "If I didn't try this my life wouldn't have changed." There's also a link that led to hxxp://www.womenshealth.com-april22.us/miracle-garcinia, a site promoting women's health products. Researchers have yet to analyze the site to see if it attempts to surreptitiously install malware on visitors' machines, so readers are advised to avoid the link unless they have experience analyzing malicious sites.

The incident is a potent reminder of how a security lapse of one site or app maker can cascade over to other sites and the millions of people who visit them. We Heart It, which in December said it had 25 million monthly users, allows users to share content directly on Twitter without leaving the site, presumably by using the OAuth authentication mechanism to link accounts between the two sites. For obvious reasons, Twitter for iPhone is also intricately linked to users' Twitter accounts. At this early stage, it's not possible to rule out the possibility log-in or authentication credentials for accounts that use these two services have been compromised. Out of an abundance of caution, users whose Twitter accounts were commandeered should change passwords now to something strong and unique, Ars Technica says.

 Top stories
Samsung has some 2.5 million Galaxy Note 7s left over after using 20,000 or so up in testing to determine the cause of the problem.
Despite the incubation period, the team's charging tech might not be ready for an anticipated iPhone refresh expected to debut this fall.
Size wise, Kuo says the OLED iPhone will have measurements similar to the 4.7-inch iPhone, allowing for one-handed operation.
It's still possible to buy the 3310 on Amazon, though only through its marketplace and not directly from the company itself.
Partner news