A developer from New York has suggested that Twitter could be experiencing a security threat from its own version of the “Koobface” virus which could be used to distribute spam via hacked user accounts.
The micro-blogging platform is reportedly the target of an attack which collects data from users in an attempt to hack their accounts. The accounts are then used to distribute spam messages and phishing attacks through the site’s direct message system.
Initially it was thought that the hackers were adopting a form of phishing attack through Twitter’s API (application programming interface) – a system that allows third-party developers to create applications that run alongside Twitter – to acquire the information that they needed.
However, PHP and application security specialist Chris Shiflett says that he suspects that the attacks are a sign that a new variant of the Facebook worm Koobface is attacking the site. The worm, it is believed, searches for the session ID cookies that are set on users’ computers when they tick the “Remember Me” box to stay logged in to Twitter.
Once it has access to the session cookies, the worm can log on to Twitter and send direct messages to the followers of the user whose account has been compromised.
Koobface was a worm, identified and isolated in December 2008, which predominantly targeted the Facebook and Myspace profiles of unsuspecting users, scanning their data in an attempt to identify sensitive information such as addresses and credit card numbers.
A software company based in Auckland, New Zealand, whose staff were affected by a similar attack, has also told the country’s Computerworld magazine that it suspects a ‘Koobface-like’ virus is responsible.
Evidence suggests that the worm is sending out direct message spam for a Premium SMS “quiz” service website aimed at US customers. The service has a minimum charge of US$4.99 and a continuing cost of US$10 a month.