Twitter worms no threat to users of Kaspersky Lab products

24 Apr 2009
Virus News

Kaspersky Lab announces that its products successfully detect all versions of Net-Worm.JS.Twettir that recently spread on the Twitter social networking site.

Twitter is a free social networking and micro-blogging service that enables its users to send and receive short text messages. The malicious program Net-Worm.JS.Twettir began spreading on Twitter on Saturday, 11 April.

The worm used vulnerabilities in Twitter that allowed it to perform cross-site scripting (XSS) attacks and to modify users’ accounts. Accounts were infected when users visited a modified page on Twitter or when they followed links to a promoted website in messages they believed to be genuine ‘tweets’ from their friends. A JavaScript scenario was used in the infection process.

Over the next few days, different versions of the worm circulated on Twitter causing several waves of infections. According to the administrators of Twitter, all the holes on the site have now been closed. There is nothing to suggest that user credentials were stolen or passwords, phone numbers, and other sensitive information were compromised as result of the attack.

Growing threat emanating from social networking sites

New York resident Michael Mooney, 17, has admitted creating the worm Net-Worm.JS.Twettir. He told BNO News that he had created the XSS worm "out of boredom". He also added that he wanted to show web developers the vulnerabilities in their products and to promote his own site via the link in the fake Twitter messages.

According to David Emm of the Global Research and Analysis Team at Kaspersky Lab, the new worm does not have sophisticated functionality and is not a real threat because it does not steal personal data. The problem, in his opinion, lays elsewhere – the possibility of launching malicious scenarios using such widespread and familiar interactive elements as buttons and links.

“Also, in response to the new XSS-Worms, some web services have been created to supposedly protect the user. But again, these services ask users to just click on a link – while asking their friends to do the same. In other words, they behave in a similar way to malicious programs,” says David.

The Kaspersky Lab analyst also stresses that the Twitter incident is further proof of the growing threat emanating from social networking sites. Kaspersky Lab’s malware evolution report for 2008 stated that the effectiveness of a malicious code distribution on social networking sites is about 10 percent, which is considerably more effective than the traditional malware distribution method via email (less than 1 percent). This may be due to the fact that users of such sites are much more trusting and these services fail to provide sufficient protection.

Kaspersky Lab products successfully detect all versions of Net-Worm.JS.Twettir. They also provide effective protection from other script threats that arise when loading Internet sites and when using their interactive elements.

About Kaspersky Lab

Kaspersky Lab is the largest antivirus company in Europe. It delivers some of the world’s most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. The Company is ranked among the world’s top four vendors of security solutions for endpoint users. Kaspersky Lab products provide superior detection rates and one of the industry’s fastest outbreak response times for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky® technology is also used worldwide inside the products and services of the industry’s leading IT security solution providers. Learn more at . For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, visit