The web2.0 is extremely active. Very quickly new usages and new tools appear. Some of them are extremely successful. One of the most currently successful one is Twitter. If you do not have both a Facebook/mySpace account and a twitter, you’re a dinosaur. (This is my case :Wink: )
Thus, Web 2.0 is evolving extremely fast. The only thing that evolves faster is the cracking community. The more successful the new service, the more attractive target for crackers.
There are already some worms dedicated to Twitter. The latest one (30 may) is the “best video” from http://juste.ru. The twittee who clicks on this link inside the message connects to this site. This site then infects the host computer and steals Facebook and Twitter credentials. With these credentials, it sends the spam message to your friends who trust you. It is spreading fast. Here are the recommendations of Twitter.
No matter how good that “best video” looks, don’t go to any juste.ru domains. We’re aware of the situation and are working on it.
Update: We do not believe that anyone’s personal information was compromised as a result of this outbreak; suspended accounts should be cleaned and restored soon.
Once more, the same old tricks based on social engineering. It is not because it comes from twitter that a site is not nefarious. People should stop to click on any links without knowing what is behind (as they should not open files they do not know).
The new medias just open new highways for attacks. And the crackers immediately use these nice unprotected avenues.