Twitter squeaks by again. “Don’t Click” was good POC
February 15th, 2009. Published under My Recent Reads.
A very clever hacker used an IFRAME technique to spread a Twitter worm today. The worm did nothing more than post a message to Twitter saying “Don’t Click”, which of course people would click, and off it went. Great write up here.
I say Twitter got lucky because they still allow, nay encourage, URL obfuscation using TinyURL and do nothing to check the URLs posted. Next step, as I outlined in a column at CIOUpdate in December (Social Networks are Risky Business), is for the hacker to post a link to a page that installs malware on the victim’s computer. That will be bad.
Sad to be the one to say this, but Twitter is going to have to take responsibility for the health of its own community. It is going to have to start checking posted URLs to make sure they do not lead to drive-by downloads.
Post from: ThreatChaos
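
The URL check the post calls for, sketched as an added example (not from the original post or from Twitter): follow a shortened link's redirect chain and reject it if any hop lands on a blocklisted host, loops, or redirects too many times. The redirect table, blocklist and host names are constructed stand-ins for live HTTP lookups and a real reputation feed.

```python
from urllib.parse import urlsplit, urljoin

# Constructed sample data: stands in for the Location headers a live checker
# would read from HEAD requests. Hosts use reserved .example/.test names.
REDIRECTS = {
    "http://short.example/a1": "http://news.example/story",
    "http://short.example/b2": "http://short.example/c3",
    "http://short.example/c3": "http://malware.test/install.exe",
    "http://short.example/loop": "http://short.example/loop",
}
BLOCKLIST = {"malware.test"}  # hypothetical reputation feed, exact host match
MAX_HOPS = 5                  # assumed limit on redirects followed


def fetch_location(url):
    """Return the redirect target for url, or None if it is a final page."""
    return REDIRECTS.get(url)


def check_posted_url(url, fetch=fetch_location):
    """Follow the redirect chain of a posted URL; return (verdict, chain)."""
    chain = [url]
    seen = {url}
    while True:
        parts = urlsplit(chain[-1])
        # Only web links are acceptable in a post.
        if parts.scheme not in ("http", "https"):
            return "reject: non-http scheme", chain
        # Every hop is checked, not just the shortener or the final page.
        host = (parts.hostname or "").lower()
        if host in BLOCKLIST:
            return "reject: blocklisted host " + host, chain
        target = fetch(chain[-1])
        if target is None:
            return "allow", chain
        target = urljoin(chain[-1], target)  # resolve relative Location values
        if target in seen:
            return "reject: redirect loop", chain
        if len(chain) > MAX_HOPS:
            return "reject: too many redirects", chain
        seen.add(target)
        chain.append(target)
```

A production checker would replace `fetch_location` with real HTTP requests and would re-check links after posting, since a redirect target can change once the short URL is live.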