Twitter hit by avalanche of malicious tweets

PanARMENIAN.Net - Twitter has been hit by an avalanche of malicious tweets that are being sent by thousands of compromised user accounts. The ongoing attack, which was about two hours old and showed no signs of abating as this post was about to go live, appeared to be linked to security breaches affecting third-party sites and apps, Ars Technica reported.

Early on, every single one of the tweets viewed by Ars contained the tag "via weheartit.com," prompting speculation the compromised Twitter accounts were linked to the social network by that name, which hosts services for image sharing and promotion. Later on, however, tweets that were part of the same campaign carried tags showing they were transmitted by apps such as Twitter for iPhone, making it unclear exactly what the source of the non-stop torrent was, the report says.

In an e-mail, We Heart It President Dave Williams wrote: "We are definitely seeing some malicious activity which we have now blocked and are investigating further. Unfortunately I don't have any other information I can share at this point."

We Heart It representatives later took to Twitter to say sign-in and sharing over Twitter had been temporarily disabled, according to Ars Technica.

The malicious tweets all contained words that should be familiar to anyone who has ever received spam: "If I didn't try this my life wouldn't have changed." There's also a link that led to hxxp://www.womenshealth.com-april22.us/miracle-garcinia, a site promoting women's health products. Researchers have yet to analyze the site to see if it attempts to surreptitiously install malware on visitors' machines, so readers are advised to avoid the link unless they have experience analyzing malicious sites.

The incident is a potent reminder of how a security lapse at one site or app maker can cascade over to other sites and the millions of people who visit them. We Heart It, which in December said it had 25 million monthly users, allows users to share content directly on Twitter without leaving the site, presumably by using the OAuth authentication mechanism to link accounts between the two sites. For obvious reasons, Twitter for iPhone is also intricately linked to users' Twitter accounts. At this early stage, it's not possible to rule out the possibility that log-in or authentication credentials for accounts that use these two services have been compromised. Out of an abundance of caution, users whose Twitter accounts were commandeered should change passwords now to something strong and unique, Ars Technica says.
