Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    3:30 am (UTC-7)   |    by

    The emergence of Twitter as a major microblogging tool with the feel of a social networking site also means it becomes a worthy cybercriminal target. Recent pranks, annoying at worst but not essentially harmful to accounts or systems, continue the series of attacks on the site. We blogged about Twitter threats before:

    In this recent prank, Twitter entries show up containing links preceded by the warning Don’t Click, thus tricking curious users into actually clicking the link, curiosity being the weakest link in online security.

    Clicking on that link creates an exact copy of the entry, but on the clicker’s profile this time. Twitter engineers were able to promptly fix the first prank, but a second and similar attack followed shortly, with slight variations to bypass fixes. As of this writing, Twitter has successfully fixed the problem.

    This type of threat is called clickjacking, or the theft of mouse cursor clicks from users. We previously blogged about the implications of this relatively new malicious technique. The Twitter pranks tell us now that clickjacking is no longer just a theoretical threat. It is real, and while in this case it was used in what could be a harmless experiment, it’s only a matter of time before it is used with more malicious intent.

    Configuring Web browsers to disable scripts is a recommended precaution. Firefox, notably, has a NoScript plugin that could be installed to defend agains clickjacking attacks.

    The Register reports about this Twitter incident here.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon

    Comments are closed.


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice