Malware targets Facebook, Twitter users

New York Times / December 14, 2009

E-mail this article

Invalid E-mail address
Invalid E-mail address

Sending your article

Your article has been sent.

  • E-mail|
  • Print|
  • Reprints|
  • |
Text size +

SAN FRANCISCO - It used to be that computer viruses attacked only your hard drive. Now they attack your dignity.

Malicious programs are rampaging through websites like Facebook and Twitter, spreading themselves by taking over people’s accounts and sending out messages to all of their friends and followers. The result is people inadvertently telling their co-workers and loved ones how to raise their IQs, make money instantly on Google, or watch an awesome new video in which they star.

“I wonder what people are thinking of me right now?’’ said Matt Marquess, an employee at a San Francisco public relations firm whose Twitter account was recently hijacked, showering his followers with messages that appeared to offer a $500 gift card to Victoria’s Secret.

The humiliation sown by these attacks is just collateral damage. In most cases, the perpetrators are hoping to profit from the referral fees they get for directing people to sketchy e-commerce sites.

In other words, even the crooks are on social networks now - because millions of tightly connected potential victims are just waiting for them there.

Often the victims lose control of their accounts after clicking on a link “sent’’ by a friend. In other cases, the bad guys apparently scan for accounts with easily guessable passwords.

After discovering their accounts have been seized, victims typically renounce the unauthorized messages publicly, apologizing for inadvertently bombarding their friends. These messages - one might call them Tweets of shame - convey a mix of guilt, regret, and embarrassment.

Social networks have become prime targets of malware creators for good reason, security experts say. People trust the messages they receive from friends, and are inclined to overlook the fact that, say, their cousin from Ohio is extremely unlikely to have caught them on a hidden Web cam.