Twitter Grader home page

 Â 
UPDATE: You will see in the comments on this post an update from HubSpot with a link to their blog explaining the incident, I know a lot of folks don’t read the comments, so here it is in full.

“We are very sorry for the mistake. It is completely our fault. As your article mentions, we have contained the situation and stopped the malicious tweets.

We do want to make clear that by design, the HubSpot software applications are on different servers and systems from our free Grader.com tools. This attack did NOT affect the HubSpot software used by our 2,100 customers. Again, there is no impact on our paid product or paying customers.

We have posted an article on our company blog with more information:

http://www.hubspot.com/blog/bid/5594/One-Lesson-From-The-Twitter-Grader-Screw-up-OAuth-Rocks

- Mike Volpe
HubSpot (makers of Twitter Grader)”

…and that, ladies and gents, is an object lesson in how to deal with an event like this. Much respect to HubSpot.

 
__________________________________________________________________________________________

In what looks like another compromise related to Twitter services, a large number of Twitter users who have granted access to their accounts to the web service Twitter.Grader.com have all begun tweeting a bizarre and unauthorised message.
 

A few minutes ago I noticed that a friend of mine had posted the following status to her Facebook profile:
 

Facebook status

Google search result

 
I queried Google for “facebook unnamed app” and the third result on the first page pointed to a malicious website set up for the purposes of distributing fake anti-virus software, this time called “Security Tool”. If you are unwary enough to click the link you will be presented with a dialogue box informing you that you have a huge number of infected files on your machine and prompting you to use Security Tool to clean them up. The software of course is no real security solution and is designed to fool the victim into parting with hard-earned cash.
 

Security Tool Rogue AV

 
 Always search with caution, especially when searching for terms of high current popularity. Using search trends and conversation trends to target malicious software is now a firmly established criminal modus operandi.
 
If you are worried about computer security and not sure where to click, you can always contact me directly. If you feel you may have been affected by this or any other scam, then I would advise you to go and scan your PC with a real security solution, our own free HouseCall service.

 

This scheme offers the affiliate a customised “file” (detected by Trend Micro as TROJ_DROPPER.JLA) which you can then distribute to your victims using whichever means are the most convenient for you.

 

Maybe you want to push it out through your own botnet, spamvertise it, or perhaps rent some time on someone else’s botnet to get your file out there. Once installed, the malicious file will silently redirect browser traffic driving users to sites of dubious pedigree. You’ll need to be selective though, the scheme only pays out for victims in Australia, Canada, Germany, Great Britain and the US.

 

With its fully hosted management and tracking interface, automated malware generation, and the free sign-up process this scheme once again demonstrates how low-skill, low-effort and low-cost entry into this shady underworld has become.

As soon as the good news breaks that it is possible to use tools such as the network scanning tool nmap to search for machines infected by Downad/Conficker, then the malicious SEO work starts.

If you need malware removal tools type the URL of your vendor of choice directly into the browser bar and use links on their website. Do not rely on Google search results at this time, as they may have been “optimised”.

Careful what you click on, these Google results are loaded!