There has been a lot of interest recently in the methods used by malicious actors to compromise Social Networking sites for malicious purposes. Indeed, Lysa Myers from WestCoast Labs and I wrote a paper together discussing various issues with SN sites, particularly focussed on Faceboook. However, one very interesting issue has become a hot topic in recent weeks, the posting of malicious URL’s via twitter. The issue here is that often URL shortening services are used (as Tweets are restricted to 140 characters to be compatible with SMS on mobile phones), so the true destination of a URL is easily obscured. Two eminent Anti-malware researchers, Costin Raiu and Morton Swimmer have been particularly involved in examining this threat, and their presentation at Virus Bulletin 2009 in Geneva lasst month was definitely worth seeing, for those who weren’t able to be there, or who missed it, the slides presented by Morton Swimmer of TrendMicro and Costin Raiu of Kaspersky to the conference are available online here http://www.slideshare.net/craiu/twarfing-malicious-tweets.
Andrew Lee CISSP