AOH :: ISNQ5625.HTM

Attackers use Twitter API to conceal exploit sites




Attackers use Twitter API to conceal exploit sites
Attackers use Twitter API to conceal exploit sites



http://www.theregister.co.uk/2009/11/12/attackers_use_twitter_command/ 

By Dan Goodin in San Francisco
The Register
12th November 2009

Drive-by exploit writers have been spotted using a popular Twitter 
command to send web surfers to malicious sites, a technique that helps 
conceal the devious deed.

The microblogging site makes application programming interfaces (APIs) 
such as this one available so legitimate websites can easily plug into 
the top topics being tweeted. As the concerns and opinions of Twitter 
users change over time, so too will the so-called top 30 trending 
topics.

But it turns out that the API for generating the never-ending stream of 
keywords is being used by miscreants, too. According to researcher Denis 
Sinegubko, it's being added to heavily obfuscated redirection scripts 
injected into compromised websites. The scripts, which redirect victims 
to drive-by sites that attempt to exploit unpatched vulnerabilities in 
programs such as Apple's QuickTime, use the second letter of a trending 
topic to arrive at a secret code that's a key ingredient in determining 
the contents of the domain.

The top term "Jedward" from a few days ago, for instance, becomes 
ghoizwvlev.com. Other domain names generated this month included 
abirgqvlev.com, fgxhzgvlev.com and abxhcgvlev.com.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org 

Site design & layout copyright © 1986-2014 CodeGods