Goo.gl worm plagues Twitter

Posted by Lydia Leavitt

A Twitter worm is burrowing through the popular social networking site - affecting mobile users who click on shortened goo.gl links ending in "od0az" or "R7f68."

"We're aware [of the worm] and have sent out password resets for affected users," a Twitter rep told CRN.

"We'll [certainly be] monitoring the situation in case of further iterations."

Goo.gl worm plagues Twitter usersThe worm is spread by anyone who clicks the shortened URLS, which shifts users to a French-based furniture website, Artcan Developpement, and then redirects them to executable or php sites designed to infect computers and further spread the worm.

It's speculated that the worm is also propagating via tweets advertising "Filwrs." 

So, if you see a tweet advertising "Filwrs" in your news feed, you are advised to revoke its access to Twitter by clicking "Settings," "Connections," "Find Filwrs," and "Revoke Access."

The rapidly spreading worm highlights the security dilemma presented by shortened URLS.

For example, looking at a normal, users can typically make an educated decision as to whether a site is indeed legitimate. 

However, an educated guess is clearly inapplicable with a shortened web address.

Indeed, when multiple "reliable" sources are compromised, more people are likely to click on a link and become infected.

"It's the type of attacks that we're seeing now in 2010, the attacks are focused on exploiting on users' social networks. It's no longer about getting a user to go to a malicious site," Invincea founder Anup Ghosh told CRN.

"In this particular case, there's not a lot Twitter can do about it, unless they were to server every single line, and somehow able to determine that the links are malicious."

As such, users are advised to inspect shortened links before clicking and avoid any links shortened with goo.gl.