Twitter Worm Spreading Through Google Link

Malware is being distributed through the microblogging site's mobile app and URLs generated by the Goo.gl shortening service.

Alison Diana, Contributing Writer

December 7, 2010

2 Min Read
InformationWeek logo in a gray background | InformationWeek

Top 5 Twitter Clients Revealed

Top 5 Twitter Clients Revealed


(click image for larger view)
Slideshow: Top 5 Twitter Clients Revealed

The Twitter bird has become infected by a worm that is being spread via the link goo.gl/R7f68 and, perhaps, others.

A large number of messages are appearing on the popular microblogging site, according to a number of reports. Some unwitting users who click on the link are sent to the website of French furniture seller Artcan Developpement, which apparently has been hacked, then are redirected to various sites filled with malware scripts, Mashable said.

"We're aware and have sent out password resets for affected users. We'll monitor the situation in case of further iterations," Troy Holden, a Twitter support representative, told TechCrunch.

While some messages are coming from disposable Twitter accounts, other postings apparently are appearing from real Twitter accountholders, making it likely that the worm is spreading and sending the messages from now-infected accounts, various reports said. To date, all messages are coming from the mobile version of Twitter, according to Mashable.

On Tuesday morning, Twitter's site hummed with warnings in multiple languages, as accountholders warned followers not to open links ending in R7f68. But since the worm is only a few hours old, the format could quickly change, The Next Web warned. Indeed, TechCrunch reported it found the worm was being spread via http://goo.gl/od0az.

"What we've been able to learn is that the worm seems to be either creating or using a number of spam/newer accounts," The Next Web reported Tuesday morning. "That said, a few influentials have also tweeted the URL."

The R7f68 URL -- shortened using Google's goo.gl website-abbreviation service -- is sometimes part of a message stream: "Just found the easiest way to track who follows and unfollows you -- http://goo.gl/kLE5M," The Next Web said. But in some cases the link appears without this comment, reports said.

In addition, The Next Web cautioned Twitter users against postings that advertised a service called Fllwrs, and recommended that users revoke access to their Twitter site if such a posting appears.

Social media is increasingly becoming an attractive target for cybercriminals. Malware -- such as bots that launch spam and denial of service attacks, keyloggers and backdoor Trojan viruses designed to steal confidential data -- is a file or application that is downloaded from a website or computer that has properties that are involuntary and malicious. In September, Twitter halted a malware attack that spread malicious messages using cross-site request forgery.

About the Author

Alison Diana

Contributing Writer

Alison Diana is an experienced technology, business and broadband editor and reporter. She has covered topics from artificial intelligence and smart homes to satellites and fiber optic cable, diversity and bullying in the workplace to measuring ROI and customer experience. An avid reader, swimmer and Yankees fan, Alison lives on Florida's Space Coast with her husband, daughter and two spoiled cats. Follow her on Twitter @Alisoncdiana or connect on LinkedIn.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights