In the last week Kaspersky Lab has uncovered a fake Twitter profile created solely for the purpose of infecting people's computers with rogue software. Security researcher Avi Raff has also launched a website devoted to Twitter security issues, named Twitpwn.
"It's hardly surprising Twitter is being targeted like this," internet, IT and media consultant Stilgherrian told ZDNet.com.au this morning via email. The consultant has 418 followers and is one of the nation's most prolific twitterers.
"It happens to every new social media channel," he continued. "Indeed, it happens offline too. Once *any* community gets big enough to be worth the effort, it'll start attracting the attention of marketers like spammers, or the con-artists."
According to Stilgherrian, Twitter was particularly vulnerable to links to malware-infested websites being spread, for several reasons.
Firstly, the bad links were usually passed on by trusted friends on the service, rather than en masse (like email spam), and users could be blinded to the true destination of the links by services such as tinyurl.com, or is.gd, which shorten links so they can more easily be spread.
"And I think a significant factor is that on Twitter, people forward links to their friends *very quickly*, almost like a reflex action, sometimes even before looking at them themselves," Stilgherrian added.
"This means that Twitter participants afford each other a high degree of trust," he said, "relying on the network of connections to affirm identity."
For example, Heaton said, when he was followed on Twitter by someone he didn't know, he checked their profile, their website and who else they knew online, and then determined whether he would follow them in return (although many people omitted one or more of these checks).
"The Twitter community has also created an environment of reciprocal following," Heaton said. "For many Twitter participants, this has become a form of unspoken etiquette. Unfortunately, this behaviour can open that person (and their entire network) to the type of exploitation described in your article."
Heaton said in many ways it was only a matter of time before some form of Twitter malware appeared.
"Why follow back someone you can't validate (I don't) and why click on their links?" he asked. "This is basic SNS [social networking] safety stuff."
Ironically, said Heaton, the best defence against the issue could come from spreading awareness, something Twitter was uniquely designed to do.
"David Armano (@armano) recently tweeted that he had been scammed by a Facebook look-alike," Heaton said. "His announcement went out to his many thousands of followers as a warning. It could well be that this trust network is the most difficult one to crack."
Renai LeMay's Twitter profile can be found here.
This blog is syndicated from ZDNet Australia. Keep fully up to date with Renai at bootstrappr's home.