‘Maltweets’ Pose Threat to Web 2.0 Users



BEST PRACTICES SERIES

Everybody is doing it: "tweeting," that is. Yet like so many other things that are all the rage, Twitter has a bit of a dark side. No, I'm not talking about users who detail their entire day via the microblogging site. Recently, concerns about hacking and "maltweets" have plagued users of the popular free social networking site and others.

According to Yuval Ben-Itzhak, CTO of Finjan, Inc. (a provider of products for Java security and management), the problem for Twitter users basically lies with the shortened URLs used in posts. Because Twitter only allows 140 characters in a post, URLs pose problems for users, so they often use URL shortening services. "When you see [a shortened URL] you don't know where it's going to take you," says Ben-Itzhak. Quite often a user is taken to a site infected with malware, viruses, and more.

According to James Brooks, director of product management at Cyveillance (a provider of cyberintelligence), users are most often being directed to sites with "downloaders" that evaluate a computer and send details about its operating system, security software, and other information back to a remote server. With that information, Brooks says, "a whole host of other malicious software can be delivered."

The maltweets are coming from users who sign up for accounts, as well as people hacking into existing accounts and posting these maltweets, according to Brooks. In one case, shortening service Cligs was infiltrated, and millions of URLs were directed to one site. Luckily, the site was not malicious in nature. But if it had been, it could have meant millions of infections.

The latest trend in delivering maltweets, say Brooks and Ben-Itzhak, is by piggybacking on the latest news. "We're seeing more and more malicious activity surrounding current events," says Brooks. For instance, within minutes of the news about Michael Jackson's death breaking, maltweets started to appear regarding this subject. Someone would post an update about the death coupled with an infected link, knowing that millions of internet users would be looking for information about his death.

Twitter isn't the only website experiencing these kinds of problems. Both Brooks and Ben-Itzhak stress that any user-generated content is susceptible to this kind of foul play. "All the other Web 2.0 sites are suffering from the exact same problem," says Ben-Itzhak. Twitter's high profile of late puts its problems front and center in the public eye, however. The maltweet problem prompted Ben-Itzhak's Finjan to release SecureTwitter, a free SecureBrowsing plug-in that provides users with look-ahead alerts on the safety of URLs showing in their Web 2.0 sites, search results, and web email applications.

"There's no silver bullet," warns Brooks. Individual threats pose individual risks, but he has some common-sense advice that could help keep you and your computer safe. "Don't click on a link from an untrusted source," says Brooks. He also advises web surfers to use one of the available plug-ins, such as SecureTwitter, to evaluate content for you.

Cyveillance provides cyberintelligence for its customers (businesses that stand to lose as much as, if not more than, individual users), and in a unique way. Not only do businesses stand to get infected by the same viruses and malware that private users do, but they also need to be vigilant about keeping their brand names from being dragged through the maltweet mud. Brooks says, "We look for the customers' brand to see if we can find people using the brand name to distribute malware."

Whether you're a business looking to protect its name or just a person trying to keep your computer in good working order and all your personal information safe, the most important thing is to be vigilant. "Make sure your security software is up-to-date," Brooks says. "The bad guys are really on top of what's happening and they leverage that to their advantage." Twitter was unable to comment in time for print.

(http://securebrowsing.finjan.com; www.cyveillance.com)