Hackers Spreading Scareware Through Auto-Generated Twitter Accounts
Just when you think that you have made a new connection on Twitter with a real person, you learn that the associated account was automatically generated by a hacker using software for the purpose of spreading malware.
Twitter apparently stays in the headlines for being attacked by worms and used as a tool by hackers to spread malicious applications with the intention to extort money from computer users. You can almost guarantee that you will hear something about Twitter being attacked or plagued with a new parasite in just about every month of the year.
Hackers are now using more sophisticated methods to spread scareware, or applications that use aggressive tactics to "scare" computer users into purchasing a full version of a malicious program. Usually these tactics range from alert messages that warn computer users of a virus or spyware parasite found on their system to a security scan that returns several fictitious results.
The most recent Twitter attack, as identified by security companies Sophos and F-Secure, is the use of computer-generated Twitter accounts to post messages related to popular topics to tempt computer users, who eventually end up clicking on the fabricated message. When the machine-generated message is clicked, it redirects the computer user to servers that host fake antivirus applications. The compromised computers get infected with a rogue security application that uses aggressive extortion tactics.
The hackers who are developing the software to automatically generate Twitter accounts are able to bypass CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart) technology put in place to block automated applications attempting to post messages. Either the hackers are using an application to crack the CAPTCHA or they hire sources to manually decipher the characters.
Twitter is being targeted with attacks such as Koobface, malicious links in direct messages and auto-account-generating software because it is a relatively new channel to easily spread malware through thousands of unsuspecting computer users. Although the hackers have not been caught or identified, the servers used to host fake security software are located in Toronto, which was discovered by a threat researcher at Sophos in the U.K.
In an effort to minimize this threat, Twitter has already deleted the auto-generated accounts that were spreading scareware applications as discovered by Sophos and F-Secure. Although this has lessened the initial threat, there are still tweets circulating on Twitter with the same malicious URLs.