Twitter issues warning over fake TweetDeck download
by Steve Ragan - Aug 31 2010, 14:45Twitter warned users on Monday against downloading a fake update to the popular Twitter application TweetDeck. While the update notice is false, TweetDeck users do actually require a different update that needs to be applied due to Twitter halting support for Basic Authentication in its API.
As seen in the images below, the fake warnings used a now-defunct AltURL to promote the malicious download, in addition to using trending topics and hash tags. The download itself is a Trojan, according to Graham Cluley of security specialist Sophos.
“It was a Bank Holiday weekend here in the UK meaning that we had the pleasure of a longer break than normal, with Monday not being a normal working day… TweetDeck itself is a British company, and mention of the Bank Holiday might lead one to suspect that the bad guys behind this attack are also based in the UK,” Cluley speculated in a blog post.
Last week, TweetDeck urged users to update because Twitter was planning to halt the use of Basic Authentication - leaving TweetDeck forced to switch to xAuth instead.
Mirroring the warning from Twitter, TweetDeck commented on Monday that: “These tweets are from hacked accounts and this file does not come from us. Do not download it.”
TweetDeck users can learn more about the legitimate update by clicking here. The switch to xAuth on Twitter for external applications will take place at 11:00 a.m. EST.
As mentioned, the malicious URL is broken. With that, Twitter has also reset the passwords for the compromised account spreading the messages.
Comment on this Story