By Dan Goodin in San Francisco
12th November 2009

Drive-by exploit writers have been spotted using a popular Twitter
command to send web surfers to malicious sites, a technique that helps
conceal the devious deed.

The microblogging site makes application programming interfaces (APIs)
such as this one available so legitimate websites can easily plug into
the top topics being tweeted. As the concerns and opinions of Twitter
users change over time, so too will the so-called top 30 trending

But it turns out that the API for generating the never-ending stream of
keywords is being used by miscreants, too. According to researcher Denis
Sinegubko, it's being added to heavily obfuscated redirection scripts
injected into compromised websites. The scripts, which redirect victims
to drive-by sites that attempt to exploit unpatched vulnerabilities in
programs such as Apple's QuickTime, use the second letter of a trending
topic to arrive at a secret code that's a key ingredient in determining
the contents of the domain.

The top term "Jedward" from a few days ago, for instance, becomes
ghoizwvlev.com. Other domain names generated this month included
abirgqvlev.com, fgxhzgvlev.com and abxhcgvlev.com.