Warning: It appears that a worm has hit Twitter-the tweet will say “Best Video” with a link to “http://juste.ru.” If you see this in a tweet, do not click on the link. It’s unclear exactly how the worm is spreading. But from the look of Tweets about the virus, if you click on the link, you account could be compromised and spammed.
According to reports on Twitter, users who clicked the juste.ru video link had their account compromised and passwords stolen. Further details about the virus are limited but Twitter’s official spam account was updated this morning stating that Twitter is aware of the issue and making steps to resolve the virus. The Tweet also warned users to not click the Best Video link.
This isn’t the first worm to hit Twitter. In early April, Twitter’s service was infected with a worm that appeared to have originated from the owners of the website StalkDaily. This week, Twitter was hit with a “Twittercut” worm, which also compromised users’ accounts if they clicked on a link.
UPDATE: Twitter has posted the following update to its status page stating that the site is aware of the virus:
No matter how good that “best video” looks, don’t go to any juste.ru domains. We’re aware of the situation and are working on it.
UPDATE 2: Twitter has also noted that they’ve temporarily suspended some legit accounts to clean up the spam. Again, this is just temporary for the real accounts that were spreading the worm.
Another bad way to end the week for twitter. They’ve got to do a lot of work when it comes to fixing some security specs.
http://www.twibeo.com
The FriendFeed and Twitter combo.
FF’s Multimedia Sharing
Twitter’s simplicity
and this is exactly why twitter will fail. Relying on URL shorteners which can be any link. Owned.
I’m not so sure it’s safe to call this a Twitter virus, it’s merely a phishing attempt coupled with a worm to spread itself further. It can be just as easily deployed on facebook, as it can on twitter from understanding of it.
love short urls
Twitter won’t fail as badly as Twibeo
any day i should be expecting a twitter sale.
thank you for waring about virus
It doesn’t work with the current release of Firefox. If you navigate to
http://www.upda...ersoftware.com/
“This web site at http://www.upda...versoftware.com has been reported as an attack site and has been blocked based on your security preferences.”
Firefox will block it.
That site is registered to one Aleksey Melnikov in Moskva, Russia
who.godaddy.com/WhoIsVerify.aspx?domain=updateserversoftware.com&prog_id=godaddy
Who knows if that’s a real person or not, but at any rate, Firefox already has it listed as a phishing site and it’s banned.
The advisory for that site was provided by Google
http://safebrow...ersoftware.com/
That website is the website where the malicious code lives. The http://juste.ru only has the html with the youtube video.
I logged out and checked out the link, it embeds http:// juste. ru/ tds /r. php ?sid =2 &p id=11 51, I’ve made a fake account and tried it, nothing has happened. I’m unsure how this works, let’s see if we can’t all work out what it does
I’ll try in IE, it’s probably because of IE being so insecure…
Twittercrunch twittercrunch …. did i read ‘Official twitter blog’ at the top of the page? No. Then why are we essentially reading the official twitter changelog + bug tracker here every day?
Do you realize that there are still many more popular sites than twitter, and maybe it’s more important to cover their security problems? Or, maybe, that you should be nobody’s official blog, or else people will simply stop reading?
“Do you realize that there are still many more popular sites than twitter, and maybe it’s more important to cover their security problems? Or, maybe, that you should be nobody’s official blog, or else people will simply stop reading?”
Yes.
Techcrunch admit that, you have a share at Twitter. Don’t say NO.
Otherwise it is fucking impossible to think that, you are being an unofficial twitter blog without any financial benefit.
I’m so sick and tired of seeing this damn change logs and security issues here. Are you gonna release some patches for them maybe ha?
i agree, its fucking bullshit. im extremely annoyed by the constant news about twitter and its horrible 3rd party apps which consist of 10 lines of code. congrats, revolutionary!!!
That explains why @basementdad is following 78,369 and has 27,293 Followers…
These Twitter and Facebook scams must be stopped, they are hurting small-time developers like me to get their safe and “useful” applications get noticed. Check out TwitList http://www.twitlist.com – a combination of Twitter and Craigslist. Thanks!
Chris: Another reason I love Firefox.
Yeah! Another Twitter worm/virus. When will you people learn not to click on links from people you don’t know or login to anything that asks for your info? Dumbasses.
Agreed, and anybody who clicks a .ru domain anyway is just asking for trouble. I don’t think most westerners would ever find a need to click a .ru, so why do it?
But does it want to follow me and join my spymaster ring?
useless post, sorry
Thin the herd.
Probably exploits the recent Adobe Flash vulnerability?
http://www.us-c...ack_circulating
This is exactly why URL shorteners are fail.
@EH
There’s a FireFox extension that shows you the destination of a shortened URL before you click on it. Here’s a link to a page that describes it and several other helpful FireFox security extensions (warning, ugly URL ahead):
http://www.buil...39296649,00.htm
It looks like this has an iframe to some crazy latin-based, heavily-obfuscated javascript, which is the exploit; I wrote about this (and tried to de-obfuscate it) recently. The same (or similar) code was seen on a Facebook phishing site (brunga dot at) last week.
http://www.schi...ation-analysis/
I can confirm that this has jumped over to facebook already. I just got a facebook email from a friend – with a subject of nothing more than ‘video’ and link to /beur## (removed to protect folks – but let’s just say it’s ‘in the 30s’) on xrl.us redirect service. A simple run through a ‘redirect checker’ confirms it’s pointing at juste.ru…
spam + tweet = speet.
What would be more useful is if TC actually figured out HOW this worm is stealing passwords and reported on that. Then this post might have some value.
Anyone figured it out yet?
juste.ru is currently undergoing a DDoS Attack
Sweet baby jesus, another twitter article.
TechCrunch sure does house a lot of babies.
How come TC is not comparing Twitter’s current downtime!?
thanx for warning us.. I have never seen such links but still its shocking that passwords can be stolen so easily.. Use firefox and Kaspersky for better protection…
Thanks,
These links are stealing the informations.I don’t know why these bad creatures are doing like this.
yawn
oh goody, does that mean they’ll weed-out all the xrated tweets that have missed CL so much they just moved to a new location? Why, it’s just a spamatweetathon!
Well I guess this explains the strange fluxuation in twitter followers I was seeing last night. I was starting to think I had gotten hacked, now it looks like it was likely a result of the account suspensions
Twitter is a fad. It won’t last. I net you it will be irrelevant by this time next year. People are so flighty and wishy-washy. Watch, something will replace Twitter before the geniuses who invented it cash out. They will regret passing up these insane offers. Betchya anything
Anyone got one of the actual juste.ru links? i want to send it to some of my friends?
OK, anyone know WHEN and actually IF Twitter is going to unfreeze my account — trying to run a business here? What’s reasonable for me to expect? Twitter also ‘lost’ my email connected to that account, which is part of it … right? Thanks for any insights folks.
I don’t think most westerners would ever find a need to click a .ru, so why do it?
I have never seen such links but still its shocking that passwords can be stolen so easily.. Use firefox and Kaspersky for better protection…