Gadgetell | Tech News, Reviews, and Interesting Things

Twitter is recovering from a powerful worm attack.  Labeled the Mikeyy worm, it appears to have been created by a 17 year old NY man who had nothing better to do and wanted to drive traffic to his website. The worm exploited a cross site scripting flaw to compromise nearly 200 accounts and send more than 10,000 tweets. Users were infected simply by visiting the compromised profiles.  The worm hit Twitter 4 separate times this weekend, but it is not the first time spammers and scammers have hit social networking sites, in fact it appears they are becoming more attractive to them than traditional avenues such as email.  Facebook and MySpace have also been hit by numerous attacks, mostly phishers trying to get personal info and spammers looking to drive traffic to link farms.

Social Networks: The New Target

Social networking has become such a popular target due to the huge numbers of people using them these days and the viral nature of them.  By that I mean the way people are willing to pass links, videos, and apps around to their friends.  Anyone on Facebook knows that third party apps are wildly popular, and if you have a large friends list you probably get tons of drinks, gifts, glitter, snacks, and other offerings sent to you each day.

The problem is some of them are malicious, such as the worm that hit the service recently, sending fake notifications announcing your friend had reported you to Facebook for terms of service violations.  The friend’s name was included, resulting in lots of angst, anger, and unfriending.

Another worm, Koobface, hit both Facebook and MySpace.  It posted messages on profiles with links to videos.  Since the messages looked like they had come from their friends, victims clicked on them and got infected themselves.  Experts say attacks on social networking services will only increase as more and more cybercriminals seek out vulnerabilities and use them to carry out XSS/PHP/SQL attacks.

Twitter and Facebook, you’re on notice

These attacks mean social networking sites need to be on the ball at all times (this means you Twitter, you’re known for being slow to respond to attacks and threats!), and for sites like Facebook and MySpace which allow third party apps, they must come up with a stringent review and security process to protect their users from rogue apps. Web 2.0 is only going to grow, and security must keep up.

How to protect yourself

To protect yourself from Twitter worms like Mikeyy, use a third party app like Twhirl or Tweetdeck (my personal favorite) rather than the Twitter website.  Turning off JavaScript is also a good idea - and don’t think you’re safe if you run Linux-according to ComputerWorld; Linux users got infected as well thanks to a JavaScript vulnerability Twitter hasn’t fixed.  This makes all browsers vulnerable.

For Facebook and MySpace, be careful who you friend.  My rule of thumb is if I don’t know you myself and we don’t have a mutual friend who can vouch for you, you don’t get on my friends list.  It’s also important to be very careful what third party apps you accept.  Most of them are harmless and fun, but don’t be too trusting.  Trust is what makes Web 2.0 go round, but it’s also what makes it a prime target for spammers and scammers.

Read [InformationWeek]