Hackers hijack Christmas
Hackers are targeting trending topics on Twitter, including festive themes, to dupe users into infecting themselves with malware
Cyber criminals are using Twitter to spread malicious code, according to Panda Labs, the anti-malware laboratory from Panda Security.
One of the messages that has most encouraged users to click on an associated link is entitled "Shocking video of the Grinch!". The link takes the user to a site that attempts to download a file, ostensibly to provide a codec to allow the video to display.
Once the user has clicked the link, they are presented with a page that infects their computer with malware by exploiting a security hole in PDF files.
This then attempts to trick the user into downloading a trojan, which in turn will download further malware into the compromised computer.
This can result in hackers assuming complete control of the machine, with access to any personal information stored on it, or possibly turning the computer into a 'bot' with the aim of using it to host and distribute further malware or spam.
Dave Marcus, director of security research at McAfee Labs, recently demonstrated to Computing how easy it is to use sites such as Trendistic to see which keywords and topics are grabbing attention on Twitter at any given moment. Cyber criminals then embed malicious links into messages featuring these topics to ensure they receive as much attention as possible. It's a simple but effective tool.
"It's the lure that gets them to click the link. Cyber criminals can then own their machine, steal their data, and make money," said Marcus.
Websense Security Labs also recently exposed similar phishing attacks operating on Facebook. Websense demonstrated an email that appears to come from Facebook Security, demanding that users verify their account. The scam has added veracity because the page is loaded from within Facebook itself using an iframe – an HTML tag supported by most major browsers.
Cyber criminals can use this to gather Facebook account details for social engineering purposes, or once again to encourage users to click malicious links.