Twitter worms no threat to users of Kaspersky Lab products

20 abr 2009
Notícias de Vírus

Kaspersky Lab, a leading developer of secure content management solutions, announces that its products successfully detect all versions of Net-Worm.JS.Twettir that recently spread on the Twitter social networking site.

Twitter is a free social networking and micro-blogging service that enables its users to send and receive short text messages. The malicious program Net-Worm.JS.Twettir began spreading on Twitter on Saturday, 11 April.

The worm used vulnerabilities in Twitter that allowed it to perform cross-site scripting (XSS) attacks and to modify users’ accounts. Accounts were infected when users visited a modified page on Twitter or when they followed links to a promoted website in messages they believed to be genuine ‘tweets’ from their friends. A JavaScript scenario was used in the infection process.

Over the next few days, different versions of the worm circulated on Twitter causing several waves of infections. According to the administrators of Twitter, all the holes on the site have now been closed. There is nothing to suggest that user credentials were stolen or that passwords, phone numbers and other sensitive information were compromised as result of the attack.

New York resident Michael Mooney, 17, has admitted creating the worm Net-Worm.JS.Twettir. He told BNO News that he had created the XSS worm "out of boredom." He also added that he wanted to show web developers the vulnerabilities in their products and to promote his own site via the link in the fake Twitter messages.

According to Roel Schouwenberg, Senior Antivirus Researcher of the Kaspersky Lab Global Research and Analysis Team, the new worm does not have sophisticated functionality and is not a real threat because it does not steal personal data. The problem, in his opinion, lies elsewhere – in the possibility of launching malicious scenarios using such widespread and familiar interactive elements as buttons and links.

“Also, in response to the new XSS-Worms, some web services have been created to supposedly protect the user. But again, these services ask users to just click on a link – while asking their friends to do the same. In other words, they behave in a similar way to malicious programs,” says Schouwenberg.

The Kaspersky Lab analyst also stresses that the Twitter incident is further proof of the growing threat emanating from social networking sites. Kaspersky Lab’s malware evolution report for 2008 stated that the effectiveness of a malicious code distribution on social networking sites is about 10 per cent, which is considerably more effective than the traditional malware distribution method via email (less than one per cent). This may be due to the fact that users of such sites are much more trusting and these services fail to provide sufficient protection.

Kaspersky Lab products successfully detect all versions of Net-Worm.JS.Twettir. They also provide effective protection from other script threats that arise when loading Internet sites and when using their interactive elements.