It’s just a matter of when: Context-aware Twitter malware/spam

: @orinthomas

Twitter malware and spam use a pretty straightforward attack vector. You get a Twitter message from an account (usually with an attractive female avatar) telling you that you’ll get something awesome if you click on the helpfully provided link. Most people don’t click, because they realize that if a hot chick sends you a link on Twitter claiming you’ll win a free iPad, it’s probably not legit. If you do visit the site, at best you’ve been spammed. At worst it hosts malware that tries to infect your computer.

Today’s Twitter spam is quite crude. With the sort of Twitter analytics provided by sites like Klout, I imagine that it will become a lot more sophisticated. Klout (and sites like it) allow you to quickly determine what a person’s interests are based on their Twitter output. If you were trying to get someone to click on a link to infect them with malware, you’re going to be far more successful if you are hitting a topic that they are clearly interested in than with a random promise of a popular product like an iPad.

Random people do legitimately send you links about stuff you are interested in on Twitter. If someone tweeted me with a link to a topic I’d just tweeted about, I’d be a lot more likely to click on it than I would a random link sent without context.

So a belated security prediction – Twitter link spam will get a lot more context-aware in 2012, and it’s going to be difficult to make an eyeball determination whether someone you don’t know has sent you a link because they follow you and think you will be interested in a topic, or whether they are just trying to spam you, possibly with a link to a page that contains a browser exploit.


My new book: Windows Server 2008 R2 Secrets. It is a book for experienced Windows administrators who are new to Windows Server 2008 R2 and don't need a lot of basic introductory level material:

Discuss this Blog Entry 1

on Jan 17, 2012
I can find papers on how social networks yield email spam going back several years, so your prediction about Twitter seems perfectly reasonable. However, I've recently run across context-aware forum spam. Spams appear in forums that include a link to something dodgy. However, instead of including a block of nonsense text or some random quote in the forum post to increase length and fool filters, the spam post actually started with something on-topic. Apparently, someone has worked out how to tell a bot to read over the forum, figure out what it discusses, go to Wikipedia, grab an on-topic (out of context, yes, but on-topic) paragraph, and then post to the forum using that paragraph in the post to make the post look, at first glance, like it came from a human. Has anybody else seen this or have I just been asleep at the wheel?


What's Hyperbole, Embellishment, and Systems Administration Blog?

IT pro Orin Thomas provides true tales, snafus, news, and urban legends for Microsoft Windows system administrators.


Orin Thomas

Orin Thomas is a contributing editor for Windows IT Pro and a Windows Security MVP. He has authored or coauthored more than thirty books for Microsoft Press, founded the Melbourne System Center,...