Twitter Worm Update

by TwitterFools Editorial Staff on October 1, 2009

Last week we reported on a worm spreading across Twitter via direct messages. At the time we made a commitment to follow up if we learned anything new, and we have, thanks to the folks at F-Secure. It seemed unusual to us that a worm would only replicate itself to send direct messages to other Twitter users and do nothing more. Well, it seems this worm has further potential, so here’s the scoop:

We asked the folks at F-Secure to provide a little more background on the worm and any harmful potential it may hold.  What follows are our questions and the responses we received.

If someone follows the ‘ROFL’ DM link and shares their Twitter credentials, what, if anything, happens beyond their account now sending DMs to their followers?

Malicious links can be included in the Tweets. These links can lead to a legitimate-looking site asking for, or “phishing” for, credit card information. They can install “video codecs” and backdoors, bots, and password-stealing trojans.

Does a worm or virus install on their computer or handheld device?  Does it have a specific name?

No, the worm is a “web-app worm”. However, if the tweet contains a link to a site claiming that a video codec or other application needs to be installed, that download would install on the computer.

Other than changing their Twitter password, are there other recommended or necessary recovery steps?

If the victim has only had their account credentials compromised, then resetting those credentials should fix the problem. However… if you use the same e-mail address and password with other accounts… the bad guys will also try to hack those sites. So update all of your passwords using a strong method at that point.

So, there you go, fellow TwitterFools. If you did follow any of those phishy DM links, it would be wise to run a full virus scan on your computer using the most up-to-date virus definitions. Even if you didn’t follow a questionable link, it is good practice to change your login credentials on a regular basis just to be on the safe side. Of course, you can follow @FSecure and contact them directly with any other questions or virus problems. Be well and Tweet safely!
