SCF Advanced Search



  • Total Posts: 38475
  • Total Topics: 13022
  • Online Today: 1265
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)


Author Topic: Spam Worm Targets Twitter (Koobface new variant, Premium SMS quiz, ID cookies)  (Read 1986 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum

The popular social media service Twitter is being targeted by a new attack seeking access to user accounts to send spam via direct messages.

At first, the attack was thought to be the result of "phishing" or social engineering asking people to enter their username and password details into bogus sites masquerading as Twitter's website, possibly done by utilizing a cross-scripting vulnerability.

However, New York-based PHP and application security specialist Chris Shiflett says that he strongly suspects there's a new variant of the Facebook worm Koobface at large, which searches for users' session ID cookies. These are set on users' computers when they tick the "Remember Me" box to stay logged onto Twitter.

While the exact scale of the attack isn't known, anecdotal evidence suggests many thousands of people have been affected and have had their accounts compromised.

Once it has access to the session cookies, the worm can log on to Twitter and send direct messages to the followers of the user whose account has been compromised.

An application and development specialist at an Auckland software house where Twitter users were inadvertently spamming their followers multiple times spoke to Computerworld on condition of anonymity, and says his company's IT security staff suspect a new variant of Koobface as well, one that antivirus scanners have yet to pick up.

The worm may have got in via a USB stick, the specialist says, and "slammed through the network, looking for Twitter session cookies."

Complicating the issue is the fact the worm has yet to be found -- the specialist says it appears the worm deletes itself after finishing its programmed task. However, the modus operandi of the worm is similar to earlier Koobface attacks, the specialist say.

Apart from a primary payload of infecting further machines, the worm appears to be sending out direct message spam for a Premium SMS "quiz" service website, aimed at US customers. The service has a minimum charge of US$4.99, and a US$10 a month continual cost.

Koobface runs on Windows only and is highly polymorphic with over 20,000 variations discovered so far, making it hard to protect against.


Samker's Computer Forum -


  • SCF Advanced Member
  • ***
  • Posts: 176
  • KARMA: 22
That´s the second time ...the first time the tweeter was off line for a long time!!


Samker's Computer Forum -


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising