Hundreds of Twitter accounts hacked to spam malicious messages

24 Apr 2014

Examples of the Twitter spam attack

Hundreds of Twitter accounts appear to have been hijacked on Wednesday night, with users noticing tweets relating to ‘miracle diet pills’ and other spam-like material.

The attack was first reported in the US at 10pm UTC. Many of the tweets related to weight loss and included a link to a fictional women’s health magazine online, which would lead to further malicious material being downloaded onto the user’s computer.

Unsuspecting people viewing their Twitter feeds would have seen one of the people they were following tweeting “If I didn’t try this my life wouldn’t have changed,” followed by the malicious link. The message appears to have fooled hundreds of people into clicking the posted link.

Early on, the tag on the posts also showed that they were being posted from a website called weheartit.com, but posts an hour later appeared to simply indicate the tweets were originating from an iPhone, making it harder to track where the source was.

Those looking into how and why this virus was spread have yet to give any concrete answer, but it is believed that a third party was able to bypass the magazine’s website, womenshealth.com, and use it as a conduit to send spam to its followers on Twitter.

The incident is an indication of the potential for websites to be exploited by hackers, particularly given the recent discovery of the Heartbleed bug, which could allow a person with the right type of code to exploit the OpenSSL encryption software used by many of the internet’s websites and extract personal information such as passwords and credit card information.

Colm Gorey was a senior journalist with Silicon Republic

editorial@siliconrepublic.com