Posts Tagged ‘spam’

Twitter: The Launch Point for THE Next Major Virus Attack?

Wednesday, June 24th, 2009

Twitter is to a havoc-wreaking computer virus like airline travel is to a global pandemic.

When you think about computer viruses, you think about a) their capacity to inflict damage and b) their ability to propagate.  Devastating viruses are disastrous to those infected, but if they’re not able to spread very easily, they’re relatively innocuous to the overall population.  It’s the viruses that inflict massive damage and spread easily that are the most serious.

So, isn’t Twitter one of the greatest threats of all?

In the traditional model of virus distribution the goal is more often cumulative in the sense that the impact of a virus is intended to escalate and magnify its impact over time as computer after computer is infected — It’s a serial process, and the timescales involved typically ranged from weeks to months, even up to a year or more.  For instance, the Conficker virus reported to launch a major attack on April 1, 2009 was purported to be in circulation, active distribution, and on-going development in various forms by those responsible for perhaps a year.  No doubt they were and are yet still serious about whatever they’re up to, but there’s an element of time that works in both their favor . . and ours . . as the virus spreads.

But Twitter presents a different story.  What’s unique about Twitter is its combination of trusted status, instantaneousness, and anonymous forwarding to unknown URL’s (tinyurl and bit.ly are just two of many services used for the purpose of posting shortened, anonymous links on Twitter).  This particular combination has troubled me for quite some time, and it’s become article-worthy because of the growing prevalence of fake ’spam accounts’ on Twitter.  If you haven’t seen one, they’re relatively obvious fake accounts that post one or more links to advertising or virus-infected pages that then follow a thousand or more Twitter accounts, laying in wait for anyone unwitting enough to visit and click on one of the fake links before — Poof! — they’re suddenly spammed with advertising or, worse, infected with a virus.

The saving grace thus far is that these fake ’spam accounts’ are set aside if even only slightly by the fact someone actually has to visit the fake ’spam account’ page for it to actually be dangerous (or, for those more technically adept with Twitter, a heavy Twitter user inadvertently electing to follow one of these fake ’spam accounts’, thereby introducing links to spam or viruses into their personal timeline).  Either way, everyone is ever so slightly ‘protected’ by the fact they must actually engage in some manner in order to open the door to being spammed or infected.

But that all changes if (or when) whoever’s spreading spam and viruses via Twitter successfully cracks a real person’s account.  Think about it, your computer could just as easily be infected by Lance Armstrong on the opening day of the Tour de France as it could be from opening an attachment in your e-mail.  Lance Armstrong has — get this — exactly 1,145,304 followers on Twitter (just checked).  How many of those follower would willingly click on any link he publishes . . . and not give it a moment’s thought?

And how many of those who click would simply look to the rest of us like they’re totally absorbed with the link Lance just posted as each of their computers get infected or, absolute worst case, starts dropping off the internet forever as their hard drives crash.  It’s not far fetched — The reality is that upwards of 1,000,000 computer could be infected (and possibly destroyed) in a matter of minutes.  That’s parallel, not serial virus distribution, and that’s way more alarming than what we’ve faced to date.

Obviously, Lance Armstrong would never be party to such an act — Taking down 1,000,000 of his fans’ computers would do damage to his reputation, too.  But that’s, in part, what makes it possible and perhaps even more likely, the fact everyone trusts Lance Armstrong . . . and everything he (purportedly) posts.

This is a make-or-break issue for Twitter — No company can simply walk around killing its Customers, intentional or not.  It’s not just bad for business — It ends the business.  And it could very well be the end of Twitter should something like the above ever actually occur.