A Twitter account can be used as the command center for harnessing a "botnet" of virus-infected computers, security firms Arbor Networks and Symantec reported. In a blog post Friday, Symantec analyst Peter Coogan wrote that researchers found an account, @upd4t3, which was tweeting out links to download a piece malware called Downloader.Sninfs. The account has since been suspended by Twitter.
Downloader.Sninfs, also known as Infostealer.Bancos, is a Trojan that uses the guise of a Brazilian banking site to collects passwords and related personal information from infected computers.
Security on Twitter is front and center right now, as the microblogging site was completely downed by a distributed denial-of-service attack last week that was targeting a Georgian political blogger. While other services like Facebook and the Google-owned Blogger were also hit by the attack, Twitter was the only one to suffer a full-out, hours-long outage, and it called into question just how secure the service really is.
But in this case, the Twittering botnet doesn't necessarily highlight a vulnerability that would be unique to Twitter.
"Although Twitter.com has been used in this instance, there are plenty of alternative sites on the Internet that could also be used as a similar medium of communication," Coogan wrote.
This post was updated at 1:05 p.m. PDT to note that Arbor Networks also reported the Twitter-based botnet.
On Sunday, I had an e-mail alert about someone writing on my Facebook wall--a college acquaintance with whom I hadn't spoken in quite some time. As it turns out, I was a victim of "wall spam," a recent phenomenon on Facebook in which automated spam posts show up on members' message walls. It's similar to a wave of profile spam that swept News Corp.'s MySpace a few years ago.
The message in question read, "Some thinks you are special and has a hot^crush on you. Find out who it could be!! ;)" with a link to a Flash file claiming to be hosted on the imageshack.us domain.
But by the time I navigated to my Facebook profile to get rid of the spammy (and possibly virus-ridden) message--within an hour or two of the notification showing up in the first place--the wall post was gone. This means one of either two things: someone else saw the message on my profile and flagged it, or Facebook is actively policing the site to keep it under control, probably by searching for duplicates of a known spam message.
Of course, an hour or two is still a big enough frame of time for people to click on the link and get their computers loaded with some nasty new malware.
I've asked Facebook for comment on exactly what their strategy is and whether any members' login credentials are getting compromised by this spam or virus. I'll update when I hear back.
"Wall spam" rose to notoriety earlier this month, when members started noticing the phenomenon, and security firms started flagging worms that were spreading via Facebook members' walls and installing malware when a link in the message was clicked. The company has recommended antivirus fixes and says it's acting fast.
The Silicon Alley Insider reported earlier this month that Facebook had been deactivating links in identified spam posts; removing the posts entirely is a more aggressive measure.
"If we get a report of a bug or a hole from a user, a security researcher, a reporter, blogger, or anyone, we check it out and fix it as quickly as possible," Facebook security chair Max Kelly wrote several weeks ago on the company blog in response to another virus. "In fact, we appreciate it when help comes our way from the many security experts and organizations out there."
Sun Microsystems has bragged for 13 years now that Java security features keep the programming technology virus-free. Apparently, the same doesn't hold for the JavaOne trade show.
The San Francisco Department of Public Health put out a release Thursday with an alert that "several" people had become ill after attending or working at conferences at the city's Moscone Convention Center between April 30 and Thursday. That includes the time when the JavaOne confab took over the space. JavaOne opened its doors on Sunday and ends Friday.
The culprit specified in the alert was the norovirus.
To clarify, this is a virus that makes you barf and gives you diarrhea. It's not the kind of virus that sends Viagra-pitching e-mails to all your friends or treats you to a Rick Astley sing-along every time you turn on your computer.
No, you won't drop dead from it. Norovirus is better known as one of the viruses that causes a nasty stomach flu. Symptoms only last about a day or two, but it's highly contagious. Just to up the gross-out factor: Norovirus is found in the fecal matter or vomit of people who are infected. If they don't wash their hands properly, they spread it when they handle food or drinks.
The health department is requesting that people who believe they have a norovirus-related illness keep away from the Moscone Center until they have been symptom-free for 48 hours.
Yes, yes, I know it's one of San Francisco's singles hotspots, but this is for the greater good. In the meantime, make sure you wash your hands.
And you can rest assured that all ickiness will be removed from the Moscone Center, as the health department "is working with the organizers of the meeting facilities to make cleaning recommendations and to confirm the cause of the illnesses." You think maybe it was Neil Young?
CNET News.com's Stephen Shankland contributed to this story.
- prev
- 1
- next
