Twitter has attracted a new follower: financial malware capable of facilitating man-in-the-browser attacks through an infected computer.
Trusteer, a Boston-based cybercrime prevention vendor, said this week that one of its researchers recently identified the malware, which targets Twitter accounts. While the attacks have so far appeared to focus on PC endpoints in banks and financial-services firms, experts said Android-based mobile platforms could eventually help spread the Twitter-based attacks to enterprises.
Unsuspecting followers of the infected Twitter account see the customary shortened URLs that disguise the underlying links, making it nearly impossible for a follower to spot a suspicious link to a webpage.
Trusteer said the malware attacks could be used to target financial transactions after gaining access to user credentials. So far, the attacks have been limited to the Netherlands, but could quickly spread to Twitter accounts around the world.
"We haven't seen a Twitter attack like this before," said Yishay Yovel, Trusteer's vice president of marketing. He said the malware essentially creates "an open channel" through which it can be distributed to followers of an infected Twitter account, which can then potentially "create a storm" of malware across enterprise networks.
Since identifying the Twitter-based malware while working with a Dutch bank, Trusteer's approach has been to try to establish what Yovel called a "bridgehead," which prevents the malware from breaching PC endpoints. Like most malware, Yovel said, "It's all about establishing a foothold in your network" -- in this case via Twitter -- by getting users to click or open a malicious link, document or application.
As with other types of attacks, Yovel said early detection of Twitter-based malware is critical since it narrows an attacker's options for breaching a network endpoint and gaining access to Twitter and, eventually, financial or proprietary information.
The challenge for enterprises, he warned, is managing security on mobile platforms, where some of the malware attacks have gained access to Twitter accounts via SMS messages.
Yovel warned that while early malware samples have largely targeted banks, a wider range of companies could be at risk of falling prey to this or similar attacks. Twitter-based malware, he said, "is absolutely not banking-specific."