24 Jun
Article from Rik Ferguson
Filed under: Hacking, Mac OS, Web 2.0, malware | Tags: celebrity, malicious code, malware, Twitter, web
UPDATE (25th June): Guy Kawasaki has stated that his Twitter account was not compromised; the malicious tweet came from a feed whose content Guy’s account is set up to post automatically. The feed comes from NowPublic, a user-generated news feed. According to the Wall Street Journal “Michael Tippett, co-founder of NowPublic, responds, pointing out that Mr. Kawasaki’s auto-published tweets were from an unmoderated feed, not one of the moderated ones that the startup also operates.”
That’s fine for Mr. Kawasaki’s personal peace of mind, but you have to ask yourself: with that many followers, is it sensible to auto-post unmoderated feed content? Is this going to happen again, with a more believable tweet?
________________________________________________________________________
Guy Kawasaki, the well-known venture capitalist and columnist, was the victim of what appears to be a very targeted attack on Twitter today.
A single malicious tweet was inserted into Mr. Kawasaki’s profile without his knowledge.

The obfuscated link seemed incongruous on Mr. Kawasaki’s profile only because it used a different URL shortening service from the one he normally uses. Other than that, he is a person who regularly posts many links, so his 139,000 followers will be very tempted to follow them, and that’s exactly the kind of thing that makes this sort of attack attractive to cybercriminals.
In this case, following the link would be a Very Bad Idea, because it will lead you to a malicious website designed to infect both Macs and PCs with a DNS-changing Trojan, which at the time of writing has low to non-existent detection rates by security vendors (although Trend Micro customers would already have been protected from visiting the known malicious site using our Smart Protection Network).
The first site you land at is below:
The image with the blue text shows how many people have followed this link. It would normally display an image designed to look like a media player window, but the site has been hit so hard that the bandwidth limit for the image server has been reached (note the text is in Russian and English).
If you click the media player to view the video, you are redirected here:
Again, the image server bandwidth has been used up indicating how many other people have passed this way, but it should look like that media player again… You click it and hit paydirt!
There it is, the video you have been waiting for, but wait, you need to download an updated Codec… (sound familiar yet?)
Check out the TrendLabs malware blog for an in-depth analysis of the code involved in this interesting dual-platform attack.
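The two points raised above, auto-posting content from an unmoderated feed and a link that goes through a different URL shortening service from the usual one, can be turned into a pre-publish check. The sketch below is an added example, not code from the original article or from any of the services named in it; the feed names, hostnames and sample items are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumed policy values for illustration; not taken from the article.
USUAL_LINK_HOSTS = {"short.example"}   # shortener the account normally uses
MODERATED_FEEDS = {"moderated-news"}   # feeds with human review upstream

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def link_hosts(text):
    """Return the lowercased hostname of every http(s) URL in the text."""
    hosts = []
    for match in URL_RE.finditer(text):
        # Trim sentence punctuation, then let urlsplit handle userinfo/ports.
        host = urlsplit(match.group(0).rstrip(".,;:!?)")).hostname
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts


def review_item(feed_name, text):
    """Decide whether a feed item may be auto-posted.

    Returns ("publish", []) or ("hold", [reasons]); held items go to a human.
    Items without links are published regardless of feed.
    """
    reasons = []
    hosts = link_hosts(text)
    unusual = sorted({h for h in hosts if h not in USUAL_LINK_HOSTS})
    if unusual:
        reasons.append("link host not normally used: " + ", ".join(unusual))
    if hosts and feed_name not in MODERATED_FEEDS:
        reasons.append("link from unmoderated feed: " + feed_name)
    return ("hold" if reasons else "publish", reasons)


# Constructed sample queue (feed name, item text); not real tweets.
QUEUE = [
    ("moderated-news", "New column is up http://short.example/a1"),
    ("open-feed", "Leaked video! http://other-shortener.example/xyz"),
    ("open-feed", "Conference starts Monday, no link here"),
    ("moderated-news", "Read this: HTTP://Short.Example./b2."),
]

if __name__ == "__main__":
    for feed, text in QUEUE:
        decision, why = review_item(feed, text)
        print(decision, "|", text, "|", "; ".join(why))
```

A host allowlist only flags the incongruity; it says nothing about where a permitted shortener finally redirects, so held items still need a human or a URL reputation lookup.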
Guy Kawasaki's Twitter account hijacked, pushes Windows and Mac malware | Zero Day | ZDNet.com: Wednesday, 24 June 2009 at 1:26 pm
[...] would later apologize but, as Trend Micro’s Rik Ferguson explains, the damage was significant for any of his tens of thousands of [...]

Twitter Links Infecting Both Macs and PCs With Virus? | My Philly Network: Wednesday, 24 June 2009 at 3:34 pm
[...] Targetted Attack Designed to Infect Both Macs and PCs. » Counter Measures. [...]

Guy Kawasaki's Twitter account compromised; used to deliver malware | The Apple Core | ZDNet.com: Wednesday, 24 June 2009 at 11:39 pm
[...] Micro’s Rik Ferguson adds that the payload at the end of the mal-Tweet was especially dangerous to both PCs and [...]

Another Sex Tape, Another Malware Attack | Trend Micro | Malware Blog: Thursday, 25 June 2009 at 1:51 am
[...] | by Jonathan Leopando (Technical Communications) Earlier today Rik Ferguson at the Countermeasures blog posted about a new malware threat that came from Twitter. The details are at his post but the short [...]

Another Sex Tape, Another Malware Attack – Security Threat Research News: Monday, 7 December 2009 at 12:21 am
[...] today Rik Ferguson at the Countermeasures blog posted about a new malware threat that came from Twitter. The details are at his post but the short [...]

Wednesday, 24 June 2009 at 9:46 am
[...] Targetted Attack Designed to Infect Both Macs and PCs. » Counter Measures. [...]