http://www.theregister.co.uk/2009/11/12/attackers_use_twitter_command/

By Dan Goodin in San Francisco
The Register
12th November 2009

Drive-by exploit writers have been spotted using a popular Twitter command to send web surfers to malicious sites, a technique that helps conceal the devious deed.

The microblogging site makes application programming interfaces (APIs) such as this one available so legitimate websites can easily plug into the top topics being tweeted. As the concerns and opinions of Twitter users change over time, so too will the so-called top 30 trending topics.

But it turns out that the API for generating the never-ending stream of keywords is being used by miscreants, too. According to researcher Denis Sinegubko, it's being added to heavily obfuscated redirection scripts injected into compromised websites.

The scripts, which redirect victims to drive-by sites that attempt to exploit unpatched vulnerabilities in programs such as Apple's QuickTime, use the second letter of a trending topic to arrive at a secret code that's a key ingredient in determining the contents of the domain.

The top term "Jedward" from a few days ago, for instance, becomes ghoizwvlev.com. Other domain names generated this month included abirgqvlev.com, fgxhzgvlev.com and abxhcgvlev.com.

[...]

Received on Wed Nov 11 2009 - 22:20:33 PST