All that is old is new again, or so we’ve been told. This weekend the Twitterverse has been slammed with a couple of bothersome worms that propagate rapidly using basic social engineering: we like to click links from friends.
Mashable [mikeyy: Second Twitter Worm on the Loose] and ReadWriteWeb [Twitter Worm Could Take Over Your Computer (in Theory) – ReadWriteWeb] covered this charming present from the Easter Virus Bunny over the weekend, but it seems that most folks missed a basic point while pointing fingers at Twitter: we’ve seen this all before. Remember the early days of HTML email? Remember being told to just disable HTML email in Outlook Express and Outlook because just opening a bad email could infect you? Well, those days are back, at least for the moment, with this Twitter worm.
The “Mikeyy Worm” and others are so freakin’ clever you have to give them props. Basically, you see a tweet from a friend with a link to check out a site (or, later, a link about how to prevent infection), and it goes to an infected Twitter profile with a charming piece of JavaScript buried in it that infects your Twitter account as well.
Nope, not your computer per se, but your Twitter account/profile. It propagates by putting the nasty code into your profile and sending out a tweet on your behalf to keep the whole cycle going.
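For the site-side view of the same problem, here is an added example (not from the original post and not Twitter's code) of a profile page rendered with and without output escaping. It assumes the script rode in on profile fields echoed into the page as-is; the field names `name`, `bio` and `url`, the helper names and the sample profile are all made up for illustration.

```javascript
// Added example: rendering user-controlled profile fields.
// Field names and the sample profile below are constructed for illustration.

// Vulnerable: profile values are concatenated into the markup as-is,
// so any markup stored in a field becomes part of the page.
function renderProfileUnsafe(p) {
  return '<div class="profile"><h2>' + p.name + '</h2>' +
         '<p>' + p.bio + '</p>' +
         '<a href="' + p.url + '">' + p.url + '</a></div>';
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that let a value break out of text or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Accept only absolute http(s) links; anything else (javascript:, data:, junk) is dropped.
function safeUrl(value) {
  try {
    const u = new URL(String(value));
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : null;
  } catch (e) {
    return null;
  }
}

// Hardened: every field is escaped for HTML, and the link is validated first.
function renderProfileSafe(p) {
  const url = safeUrl(p.url);
  const link = url
    ? '<a href="' + escapeHtml(url) + '" rel="nofollow">' + escapeHtml(url) + '</a>'
    : '';
  return '<div class="profile"><h2>' + escapeHtml(p.name) + '</h2>' +
         '<p>' + escapeHtml(p.bio) + '</p>' + link + '</div>';
}

// Constructed sample: a profile whose fields carry markup instead of plain text.
const sampleProfile = {
  name: 'A. Friend',
  bio: 'check this out <script src="//worm.example/x.js"></script>',
  url: 'javascript:alert(1)'
};
```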
Ah let’s virus like it’s 1999…
So is this Twitter’s fault? Of course it is.
Is this unexpected? Hell no.
Are we ever going to be rid of things like this? Also a resounding, hell no.
The problem is that most of these kinds of attacks use basic social engineering tools. Click on links from friends, click on links saying your account has been compromised, give “tech support” your username and password… they prey on trust and our assumptions of safety.
Yes, we all need to be careful and skeptical, but honestly, not ever clicking on links from friends defeats the purpose of sharing through Twitter (and others), doesn’t it?
So we’ll all be more careful. We’ll make sure that we know how to quickly close off all Twitter-related apps, blow out browser caches and cookies, and reset passwords. Man, there could be a great AppleScript or Automator script in there…
Be prepared to hear the shocking news about the email culture: it’s going to die due to all these spams and great social networking sites http://lazybloggar.blogspot.com/2009/11/emailing-culture-is-going-to-die.html