Tuesday, August 23, 2011

Twitter Malware: It's Coming After You

Most of readers of this blog are sophisticated social media users. I would include myself in that category. Well, I would have until last Sunday.

I may need to wear a shirt like this in the office.
Yes, I will come out and admit it for once. I got suckered into clicking on Twitter malware link that was forwarded to me by one of my trusted venture friends. Now that I got that off my chest, and demonstrated that I could be just as naive as thousands of users out in the internet, I think I can talk about this incident somewhat objectively.

It turns out that this particular malware spreads by getting Twitter user to click on the shorten t.co URL that was sent via private message. When unsuspecting recipient clicks on the link, it automatically sends the same tweet to all of the recipient's followers as private message. Very sneaky.

It was quite an embarrassing moment when I realized what just happened (I even had to update the new Twitter app to follow the link on my iPhone). Thanks to a couple of my co-workers and good Twitter citizen @DevonAlderton, I came to my senses only after a few hours later. Once a few seconds of disillusionment of my malware detect-o-meter had passed, I regained enough composure to delete all my private tweets to all my followers (thank goodness I don't have Kim Kardashian's follower base), and took remedial actions to shore up my defense.

As a self-proclaimed hacker and coder-turned product guy, I should have known. But why did I so easily fall victim of this malware tweet?

This was the malware tweet that got me.
Imagine getting this tweet from your old time friend...

It's because of social graph. If you were to receive this from me, a guy who would rarely share photos or personal links, it would be easy to tell this might not be a genuine message from me. It would also have very low attach rate if it's from total stranger. In fact all the SPAMs that we received in our inbox trained us to tune out messages from strangers.

But say it's a message from someone whom you trust, a friend who you took a summer vacation trip out with. You would not have a second thought clicking on the link thinking that it's one of the photos that you might have taken together during the trip.

On top of that trust relationship, Twitter does not allow personal style of communication to be revealed as much as email. Because of 140 character limit and how we often use urban vocabularies to express what we mean, it is more difficult to distinguish tweet from someone you know and from total stranger. Chances are, if you are getting a cold email from someone whom you haven't spoken for a while, the sender will give you some pleasantries and context of why s/he is reaching out. It's highly unlikely in a tweet due to character constraints of Twitter.

Given we are all connected in this social networking world, we are all exposed to these malware attacks. After all we are only as strong as the weakest link in the system. And that weakest link might be one of your trusted sources.

This is why we all need malware protections while we are on social networks. Shame on me for not installing Actiance Twitter malware protection on my personal Twitter account.

What are you doing to protect your Twitter?


  1. I follow whom I think credible and I tweet responsibly!

    social media for schools

  2. Excellent and decent post. I found this much informative.
    Pakistani Dramas