High profile Twitter hack spreads porn Trojan

Former Apple Macintosh evangelist Guy Kawasaki [cq] posts Twitter messages about a lot of different things, but the message he put up on Tuesday afternoon was really out of character.

"Leighton Meester sex tape video free download!"

His message included a link that, after some further clicking, landed Kawasaki's followers on a fake porn site where online criminals try to install a nasty Trojan horse program on victim's computers. And in an interesting twist, the program attacks both Mac and Windows users.

Kawasaki, a well known entrepreneur who is now a a managing director of Garage Technology Ventures, isn't the only person whose account was misused during a new round of Twitter hacking Tuesday, but with nearly 140,000 followers he's the most high-profile. Meester, the star of the TV Show GossipGirl is also said to be the subject of a homemade sex tape that is reportedly in circulation.

It's not clear how hackers managed to gain access to Kawasaki's account -- security experts say that he and others may have fallen victim to earlier Twitter phishing attacks, where attackers tried to trick victims into logging into fake Twitter sits in hopes of stealing their login credentials.

Other hacked accounts are being used to to promote pornographic Web sites. Victims include an Arizona political blogger, an up-and-coming Canadian musician, and a Gay news site. (note, some of these Twitter pages still include pornographic and possibly malicious links)

Twitter has had its share of security problems over the past months. Earlier this year someone gained access to the Twitter accounts of U.S. President Barack Obama, Britney Spears, and others.

Recently scammers have become more aggressive on the site. They will set up new accounts and post spam messages on hot topics in hopes of gaining clicks when people search through Twitter.

And while hacked Twitter accounts are still rare, they're a much more effective way to reach victims, according to Rik Ferguson, a researcher with Trend Micro. "If you can take over an account that has a couple of thousand follower then you can get a much better return on your investment"

The Trojan link posted by Guy Kawasaki has been followed by more than 1,600 people, according to Gary Warner, director of research in computer forensics with the University of Alabama at Birmingham.

If a Windows user actually falls for the scam and downloads the Trojan linked by Kawasaki, the software will change his DNS (domain name system) server to one that is controlled by the hackers. That gives them away to steal more information, such as Twitter passwords or even online banking credentials, Warner said. "You're going to be using a DNS server that's controlled by criminals who can point you to whatever Web site you want and you'll believe it's the site you typed into your browser."

Mac users download a similar program, which also points them to a malicious DNS server, a McAfee spokesman said.

Kawasaki didn't respond to messages left by the IDG News Service asking him about the incident, but he did leave a Twitter message late Tuesday afternoon, "Don't know how that Leighton Meester sex tape tweet got into my stream here. Sorry all. Sad thing is that I don't even know who she is!" he wrote. Although Kawasaki admitted he hadn't posted the link, he also did not remove it from his Twitter page.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email CIO
• Follow CIO on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark