Twitter Malware Through Time

April 2007: A vulnerability in SMS authentication allows updating of someone else's status via text message. Twitter introduced a PIN code option to resolve the vulnerability.

August 2008: Twitter is attacked by cybercriminals who set up a specially crafted page with an ad for an erotic video. Clicking the photo would infect users with a Trojan-downloader claiming to be a new version of Adobe Flash.

February 2009: Clickjacking attacks proliferate. Twitter users see links in accounts they follow with the message "Don't click." Users who follow the links have their clicks hijacked.

April 2009: Twitter is hit by multiple variants of an XSS (cross-site scripting) worm. Thousands of messages containing the name "Mikeyy" (the nickname of the author) are generated as the worm propagates.

April 2009: A French hacker gains access to Twitter's admin panel. Screenshots show internal access to accounts belonging to many high-profile celebrities, from Britney Spears to Ashton Kutcher.

June 2009: Cybercriminals hijack Twitter trending topics to serve malware. A malware-serving campaign starts abusing the trending system to trick users into visiting bogus exclusive video sites and infect them with malware.

June 2009: Guy Kawasaki's Twitter account is hijacked and attempts to serve Mac and Windows malware to some 130,000+ followers.

July 2009: A new Koobface modification enables the infection to spread through Twitter users. Once an infected user attempts to log in to Twitter, Koobface hijacks the session and posts a tweet on behalf of the user in an attempt to infect their followers.

August 2009: A Twitter account is used as a Command and Control center for botnets. Tweets contained special code that was downloaded, decrypted and saved as an infection component to update the malware on previously infected machines.

May 2010: A bug is discovered which allows a malicious user to force others to follow them.

June 2010: Twitter settles a case with the FTC which requires them to undertake a number of steps to secure user info, due to multiple breaches. One of the provisions is a bi-annual security audit.

September 2010: A "MouseOver" exploit is discovered. Just moving your mouse over the malicious tweet is enough to launch the worm, which then reposts to your account. The exploit is later used to deliver pop-up ads and links to pornographic websites.

shared by charles on May 02
The immune system for that little blue bird (Twitter) may be a bit compromised as the social broadcast service has dealt with a number of "infections" dating back to April of '07. This infographic fro...

Publisher

Kaspersky Lab

Category

Social Media