digg

Facebook Connect Join Digg About
See the original image at pcworld.com

Twitter Suspends Accounts of Users With Infected Computers

pcworld.com Twitter is suspending the accounts of some users whose computers have fallen victim to a well-known piece of malicious software that targeted other sites such as Facebook MySpace. The malware, Koobface, is designed to spread itself by checking to see if person is logged into a social network. It will then post fraudulent messages on Twitter acct.

Who dugg this? Made popular Jul 11, 2009

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

68 Comments

show profanity settings
expand all
  • fleecejohnson, on 07/11/2009, -4/+40I once broke up with a girl over an infected twatter.
  • kplo, on 07/10/2009, -1/+36Quarantine!
  • madbadger, on 07/11/2009, -1/+33Sounds like a good idea to me. If you aren't capable of keeping your computer malware-free, I don't need you on the internet spreading malware around.
  • matty6742, on 07/10/2009, -7/+17Please read if you have a Twitter account
  • inactive, on 07/11/2009, -0/+10The virus' name is Koobface! hehe
  • inactive, on 07/11/2009, -2/+11Don't read if you do not have a Twitter account ;)
  • BREZZZ, on 07/11/2009, -2/+9A good part of this problem could be resolved by not counting URLs in the character limit , or at least showing full URLs when hovering over the link. It would maintain the "short but sweet" style and remove a layer of obfuscation that these people are using. It won't stop everyone from clicking the link, but those who pay attention might take more caution when a link seems out of character for a person.
  • unusualbob, on 07/11/2009, -3/+10No, more than likely this does not infect the mac.

    But Macs are not infallible, just a more hardened target and a smaller market combined make them not worthwhile for most malware developers as it is not profitable. Most people aren't making malware for fun, they are making it for profit. If its easier to attack a 500,000 Windows 2000 machines that have no service packs and it will do the same thing as infecting 50,000 macs that are hard to infect, well then they are going to spend their time on the Windows development. Time is money.

    As the mac market has grown there have been more known trojans and other things of the sort known for mac, but due to the secure nature of the machine it has not been much of a problem.

    Just keep in mind that there is actually antivirus/antimalware software developed by companies like Norton and Kaspersky available for macs, that should tell you something.
  • Presbyterian, on 07/11/2009, -13/+19So?.Most people don't use Macs.
  • dhughes, on 07/11/2009, -1/+7 Shh don't provoke them, remember - security by obscurity, you'll inspire some 8 year-old kid to work on a Linux super virus.
  • Floris, on 07/11/2009, -1/+6twitter has this mentioned in their blog and status page, it's not like they're hiding it.
  • encrypteduser, on 07/11/2009, -0/+5More info on the Koobface worm here: http://pandalabs.pandasecurity.com/archive/Koobfac ...
  • dijkstra22, on 07/11/2009, -0/+4@webweave, that comment was totally off base and unrelated.
  • thevoiceless, on 07/12/2009, -0/+4Guys, serioiusly, don't do this. Everyone knows Linux isn't susceptible to as many viruses as other OSs, please don't try and make those who use Linux sound like elitists. It's a really annoying stereotype that affects all of us, including the ones that use Linux because it's what works for them and not because it makes them feel better than people who use other OSs.
  • joedawson, on 07/11/2009, -0/+4We have a 2319...
  • Suricou, on 07/11/2009, -0/+3It might make sense to block infected computers from accessing any site except those needed to disinfect. Windows Update, the major antivirus vendors and their update servers, the free antivirus products, and google so people can find them. Just redirect everything outgoing on port 80 to a 'you are infected' page server, and disable all other ports entirely.
  • babylonian, on 07/11/2009, -0/+3While I'm unsure of the technical ability of Twitter to integrate hover-over full URLs for URL-shortening services, since there are dozens of different ones and they're almost all privately owned, your ideas are actually really really good.

    While not counting URLs in the character limit is a pretty good idea, what they could do in addition to that is to do what every message board on the entier internet does and just shorten the display of long URLs with elipses . For example, http://digg.com/security/Twitter_Suspends_Accounts ... would display as something like http://digg.com/security/Twitter_Su...ected_Comput ... It's very possible, and would provide a great solution to the malware problem that url-shortening tools have spurned.
  • carlosos, on 07/11/2009, -1/+4NO!!!

    The ISPs should only give me a cable going to the Internet and not doing any monitoring or changing of data. I don't want an ISP to spy on me!
  • crossmr, on 07/11/2009, -2/+5ISPs need to take note.
  • Suricou, on 07/12/2009, -0/+2Because to learn how to use a computer fully takes several years.

    If macs had been cheaper, they might have taken the same market as windows ended up in.
  • dragossh, on 07/12/2009, -0/+2A Mac is even more dumbed down, Windows is actually more Amiga-like. So your argument does not hold.

    What I'm baffled about is why people expect to use computers without even having to learn anything. When I buy a piece of equipment, I am expected to learn how it works in order to use it.
  • gabrielgonzalez, on 07/11/2009, -10/+12Maybe not but then again 1) most people dont use Macs and 2) ppl dont make viruses bc almsot nobody uses a mac. lol
  • webweave, on 07/11/2009, -2/+4If you choose to use Windows you must accept that you have also chosen to use a system with certain widely known flaws. If you want to use the number one system for virus and compromises that's your business but the media should be responsible enough to identify the victim systems as those running windows.

    I really don't understand the attraction of windows, the money you save on low end hardware and copied commercial software is quickly offset by the time spent keeping your system current and running.
  • crossmr, on 07/11/2009, -0/+2wake up they already do. Some of them already monitor for things like suspicious activity. For example a user who suddenly starts scanning massive port ranges that are known to be associated with with spyware.
    When it comes to things like users being infected with botnets, serious viruses, etc, ISPs need to cut them off.
    Piracy may be a gray area in some countries, but botnets really aren't.

    Malware, viruses, etc are pretty easy to take care of with free software. If ISPs notice one of their users making massive amounts of connections in behaviour consistent with a known virus, etc they need to inform their customer and give them an opportunity to clean their machine. Frankly it would be trivial to automate it. However if the same user is consistently noted for making these connections and can't give a legitimate reason for it, or doesn't respond, they need to be shut off until they clean their machine.

    You paying $40 a month doesn't give you the right to leave your computer open to attack other internet users.

    If you think it does, I can only imagine where you come from..
  • Whackly, on 07/11/2009, -0/+2Apple =/ Mac
    /Semantics
  • lejovchina, on 07/11/2009, -1/+2I think you use a mac.
  • Suricou, on 07/12/2009, -0/+1I used to run Vista. Still managed to pick up malware. Not a virus though - some piece of horrible url-redirecting adware.

    No OS in which the user is expected to use an administrator account for everyday use should ever be considered secure - even if it keeps prompting them with 'are you sure?' messaged.
  • itc518, on 07/10/2009, -4/+5Wow, that is intersting. Definitely something any twitter user should know about.
  • JohnnySoftware, on 07/12/2009, -0/+1Maybe but since no major antivirus software company's product blocks or even detects all malware. There are some (e.g. Sony's rootkit trojan malware) that went undetected let alone handled by all of them for over a year - you could wind up cutting of people from an expert who actually does know about the problem.

    In the case of the very serious Microsoft Windows malware present on hundreds of Sony "enhanced" music CDs the discovery was made at home by a computer security researcher. He discovered it because his own computer was infected.

    Imagine if he got cut off from the Internet and could not rapidly communicate/dialog about the problem.

    Basically, it looks like the cost of these intrusions, DDoS attacks, financial fraud and identity theft are reaching or exceeding the cost of the GM bailout.

    Impeding unfettered access of infected computers to the Internet is necessary but I am pretty sure all out blocking is not the answer. Antivirus tools have not solved the problem. Windows Update has not solved the problem.

    Maybe a progressive tax on computer software makers based on how many intrusions/exploits they have had and how long they have had them and how much they have cost the public and industries.

    Or, implement increasing levels of blocking against ISP's subscribers based on the same criteria.

    Clearly some kind of curfew if not outright quarantine of misbehaving instances of badly defective platforms is called for. This in turn will spur innovative & effective improvements by software makers through normal market forces which right now they are hiding from.

    I think you are on the right track but it needs to be based on the degree to which the specific computer and other computers of that platform type are presenting a problem to computers. Had such a scheme been in place last week, then the DDoS attacks that crippled some US government and of course financial & news media web sites would have had far less impact.

    However, when it comes to trojans, I think that individual computers should be assessed a greater liability than normal and operating systems should receive a lower liability than normal. The reason is simple, trojans are almost always the fault of the users or in the case of Sony, of a software/media company.

    Worms and viruses to my mind are mostly the fault of the operating system maker or in rare cases a software maker. Basically, the Microsoft Office suite exposes Macintoshes to worms in a platform which ships with virtually no such vulnerabilities.

    There was a case where Macs shipped with a version of PHP configured in such a way that it was secure as far as PHP can be called secure but users had downloaded a different version and created a vulnerability by misconfiguring their custom installation. That should not be considered the manufacturers fault. I am not sure that it is solely PHP's fault or the users'. It is somewhat moot because PHP development is handled by a non-profit organization.

    It is worth thinking about. There is adequate documentation now as to which platforms have the worst track records. This approach is greatly endowed by the fact that these platforms and applications stick out like a sore thumb.

    A progressive financial tax on their makers would generate an incentive to fix them that is lacking in an environment where monopolies exist and SLAs basically say, "we can do anything - we'll pay nothing for damages, you the victim or people/agencies your computer victimizes shall bear all the coasts".

    A progressive restriction on computers would likewise spur an interest in fixing their computer problems and staying on top of them. And ultimately, if the manufacturer of that platform was unresponsive and irresponsible - it would spur a migration of users/customers to a platform that was intrinsically safer".

    Either way, we all get what we want and it's inherently safer & cheaper than the existing system. The only people who would not like this or benefit in some way are hackers and incorrigible bad software makers. Why should we cater to them?

    We're in an insecurity rut in the United States & worldwide. Things have effectively not improved in the past decade. Each year the number of malwares infecting systems increases by more than the year before. There is no end to this in sight under the status quo.

    We are Americans and we supposedly understand capital. Plus, we are supposedly computer/technology savvy. It is time we show these things and straighten out our system. This week, more than ever, that is starkly apparent.
  • Whackly, on 07/11/2009, -5/+6I think the results are already in on Macs being a more hardened target. I think that's just not true. It's just that nobody targets them because .. you know.. why go through all the effort to bug a handful of scarf wearing vegans?
  • banditboydavid, on 07/11/2009, -2/+3Do you want something better than both Windows and Mac? Linux is the answer!
  • Trader76, on 07/22/2009, -0/+1Only the strong like www.bluepointsecurity.com that have the techology should be allowed.
  • AmyVernon, on 07/11/2009, -4/+5I'm thinking ... no.
  • inactive, on 07/12/2009, -0/+1 It's a shame this continues to happen. Think of what could be accomplished if all the virus/worm builders turned to the good side.
  • JohnnySoftware, on 07/12/2009, -0/+1PHP based portals get infected with malware all the time. Almost all portals use HTML/XHTML and Javasscript - or else they use Java - for UI; on the backend they usually use SQL for storage.

    All of these things are computer languages. Inserting user data into a template string/page and then executing or interpreting the result leaves the door open to all sorts of completely different interpretations of the the statement you _thought_ you would get when you looked at the template.

    It is not unheard of for computer security vendor web sites to suffer from HTML and/or SQL injection errors on their user support web sites. Ironic, but it does happen nevertheless.

    Mozilla had a problem with their support server which runs Drupal getting hacked. Government sites and commercial sites get hacked all the time. If you don't count those as "social" sites, consider how often MySpace has gotten hacked and user profile pages on there have gotten hijacked.

    This is far from the first time a social networking site has been hacked.
  • ddd666, on 07/11/2009, -0/+1wow, must the first time ever for a social networking site! Anyone know if they have sorted it out and blocked said virus yet? They must be able to do that in this day and age?
  • Suricou, on 07/11/2009, -0/+1I'm writing this post about writing this post about writing this post about writing this post about writing this post about writing this post about writing this post about writing this post -
  • banditboydavid, on 07/11/2009, -1/+2Can't you disinfect a computer by spraying it with Lysol ;)
  • inactive, on 07/12/2009, -0/+1Nor Linux for that matter.
  • Whackly, on 07/12/2009, -1/+2I think any number of PWN 2 OWN contests prove that both of you are just plain wrong. less than 10 seconds in 2009
  • inactive, on 07/11/2009, -1/+2It's become self-aware......
  • Wilddigi, on 07/11/2009, -0/+1Why? How does twitter bother you?
  • inactive, on 07/12/2009, -0/+1 This is true. I use Linux and I don't like us to come across as stuck up so and so's.
  • jdmulloy, on 07/11/2009, -21/+21Linux FTW
  • bmacs, on 07/11/2009, -3/+3I think maybe you're infected with stupidity. Zing!
  • Sumyunguy, on 07/11/2009, -2/+2I think ISPs should do this!
  • anshuman, on 07/11/2009, -2/+2entire internet should be suspended for computers affected with viruses.

    (and before you ask me how will they get disinfected, the answer is get the virus-scanner/malware remover from a friend who has good computer, that will give you another reason to be social in real life too).
  • dhughes, on 07/11/2009, -1/+1Big Mac?
  • Suricou, on 07/11/2009, -1/+1It's user friendly. By which I mean idiot-friendly. Linux is getting there very slowly, but it still isn't even close.

    The typical PC user, who just wants to get their work done on it and play the occasional game, doesn't know what a kernel is. They don't want to know. They don't want to have to run a backup, ever, and they would rather not concern themselves with updates. They are only in the vaguest way aware that such a thing as a driver exists. They have no idea what a service is, or a TCP port. They send email to an email address, unaware of the interplay of DNS, SMTP and POP3 needed to get it to the recipient.

    A lot of them are still struggling to get their heads around the idea of a filesystem - they put all their files on their desktop, or in My Documents. But they don't know these relate to places on c:\ - the very idea of c:\ is a scarey concept, a place full of mysterious files that might break if touched.

    Windows is perfect for those people, because everything is hidden. The same features provide endless frustration to the geeks, but to the typical user they want all the technical stuff to be hidden away from them, so they don't have to know it.
  • Fetching more discussions...
    Show 51 - 71 of 71 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.