Twitter Malware Attack Targets Both Mac and PC
Why hit one OS with malware when you can hit two? That is the question. The situation is this: The Twitter account of well-known venture capitalist Guy Kawasaki was hacked and used to send out tweets luring users to a site hosting malware. According to Trend Micro, the malware changes the DNS settings of Windows and Mac machines. If Mac users attempt to view the promised pornographic video on the site, they will download a malicious file. "For the Mac Trojan part, the DMG file -- which is a mountable disk image file -- contains a PKG file, which in turn contains component files with the names AdobeFlash, preinstall and preupgrade, all having the size of 3,359 bytes," Trend Micro Advanced Threat Researcher Ivan Macalintal explained in an e-mail. "These files are all the same files, and were created just last 05/16/09 12:57 a.m. They contain obfuscated bash script." He continued, "The script copies itself into a folder in the system and creates a cron job that enables the malware to run periodically. It sends a HTTP GET request to download another script from a remote server. This downloaded script is actually the one responsible for the DNS changes using the SCUTIL GET and SET commands." On Windows machines, the user is prompted to download a video codec that is actually malware. "This isn't the first time that we have seen code being supplied for both platforms, but it is still a rare event," noted Trend Micro Solutions Architect Rik Ferguson. "It definitely illustrates the fact that Mac OS is becoming an increasingly attractive target for criminal exploitation." Kawasaki acknowledged the attack in a follow-up tweet and apologized to everyone following him on Twitter. The attack, Ferguson said, is another example of hackers abusing trust in social networks to snare victims. "I think in this particular case and in the case of many of the attacks that come through social networking platforms, the malicious message received a huge credibility boost because of the perceived source," Ferguson said. "Social networks have their foundation in a trust relationship; you connect mostly with people you know, interact with and/or trust and respect. Someone like Guy Kawasaki posts links all day every day on his Twitter profile and people are used to them leading somewhere credible and interesting: This made him a perfect target." |
Comments (2)
Was chatting with a friend (cyber security expert) and part of the vulnerability of having multiple people tweeting for you (as Guy has admitted to) is that there are additional chances for one of them to have malicious code on their systems.
Undermining the trust in social networks is a huge cost. I'm likely not to click on Guy's shared links (or any twitter links hidden by shrinking) in the future.
Posted by Mark Essel | June 25, 2009 9:08 AM
Interesting choice in picking Guy. I would have thought they would target a celebrity with a massive following, rather than a Marketing type who would probably have more savvy followers.
To the above, I had not heard before that Guy uses multiple people to Tweet from his account, and I definitely do not like the idea. Do you have a source for this info?
Posted by Malware | November 4, 2009 10:56 AM