Twitter Hack Spreads P*rn Trojan

Keep on Guard!


I had a spam tweet appear in my stream a while back and like Guy Kawasaki I also had absolutely no idea where it came from.

Perhaps some kinda XSS flaw in Twitter when I visited a site that spawned the message (in a hidden iframe perhaps).

It wouldn’t be the first time Twitter was having security problems, just this time it’s not something that’s gone public. Spammers are using it to entice people to watch Sex Tapes and visit affiliate sites.

Former Apple Macintosh evangelist Guy Kawasaki posts Twitter messages about a lot of different thing, but the message he put up on Tuesday afternoon was really out of character.

“Leighton Meester sex tape video free download!”

His message included a link that, after some further clicking, landed Kawasaki’s followers on a fake porn site where online criminals try to install a nasty Trojan horse program on victim’s computers. And in an interesting twist, the program attacks both Mac and Windows users.

Kawasaki, a well known entrepreneur who is now a a managing director of Garage Technology Ventures, isn’t the only person whose account was misused during a new round of Twitter hacking Tuesday, but with nearly 140,000 followers he’s the most high-profile. Meester, the star of the TV Show GossipGirl is also said to be the subject of a homemade sex tape that is reportedly in circulation.

Apparently 1,600 people clicked on the link, probably because most people don’t know who Leighton Meester is, they would have had more luck with Lady Gaga or Britney Spears sex tapes :D

They would have better results hijacking his account, but I suspect they didn’t have access. He just clicked the wrong link or viewed the wrong site once and that spawned the message.

It’s possible there could a flaw in the Twitter API too and with some kinda fuzzing or brute force you can broadcast messages.

It’s not clear how hackers managed to gain access to Kawasaki’s account — security experts say that he and others may have fallen victim to earlier Twitter phishing attacks, where attackers tried to trick victims into logging into fake Twitter sits in hopes of stealing their login credentials.

Other hacked accounts are being used to to promote pornographic Web sites. Victims include an Arizona political blogger, an up-and-coming Canadian musician, and a Gay news site. (note, some of these Twitter pages still include pornographic and possibly malicious links)

Twitter has had its share of security problems over the past months. Earlier this year someone gained access to the Twitter accounts of U.S. President Barack Obama, Britney Spears, and others.

Recently scammers have become more aggressive on the site. They will set up new accounts and post spam messages on hot topics in hopes of gaining clicks when people search through Twitter.

Twitter have recently set up a system for verified accounts, I hope they also ensure these accounts stay secure and in the hands of the right people.

It’ll be interesting to see what turns up, if someone makes another flaw in Twitter public.

I hope they do as it’ll make the system more secure for everyone.

Source: PCWorld

Posted in: Exploits/Vulnerabilities, Malware, Web Hacking

, , , , , ,


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


One Response to Twitter Hack Spreads P*rn Trojan

  1. Vinoth July 15, 2009 at 3:40 pm #

    Since Twitter is becoming more popular we can expect these kind of attacks more in future.