A new worm is flooding Twitter accounts, enticing people to read information about acai berries or "acainews". The tweet typically starts off with the person claiming weight loss after drinking acai berry extracts and shows links to "acainews". The Acai Berry worm spreads like wildfire, sending out thousands of tweets per minute. What’s more, it has hijacked a large number of Twitter accounts, turning them into spammers. This attack has been the fastest-spreading in Twitter’s security history.
It is not yet clear how the worm operates. As of now, its most prominent effect is turning a compromised account into a spammer that sends tweets about the benefits of acai berries with links to "acainews". There is, of course, great potential for more damage, as some links and sites can contain malicious software that can affect any system. This can also lead to hackers being able to control accounts. As for the acainews site, Damon Cortesi of TweetStats says that there is no evidence of malicious software coming from the acainews site itself. It seems that only Twitter and other micro-blogging services are being affected, with normal accounts being turned into spammers.
The attack is linked to the recent security breach at Gawker Media, where an estimated 1.3 million commenter accounts were hacked and their passwords compromised. According to Gawker, the hackers were able to get passwords from its servers, which included several other sites handled by Gawker Media. This also impacted Gawker commenters’ Twitter profiles and passwords, and the stolen accounts were used to send out spam tweets about acai berries. The gossip site has expressed apologies and embarrassment for the security breach that affected millions of user accounts and is working to tighten commenters’ security. It even put a banner on its site advising all users to change their passwords immediately. The downside is that the breach had already affected other systems such as Twitter and other micro-blogging services.
It is important to change your Twitter password immediately, especially if your account has been compromised. Create a strong password that includes numbers and letters, preferably not a dictionary word. If you are using the same login information for your other accounts like Facebook or Gmail, change your passwords there as well. It’s recommended to have different passwords for different accounts, because using one login for different services can increase your chances of being hacked. If you are having difficulty maintaining different passwords for different accounts, we recommend using a password manager. There are plenty that offer military-grade security, and you can download them online.
Gnosis, the activist group claiming responsibility for the attack on Gawker’s content management system and user database, says that the site has the worst security ever seen and that its major motivation for the hack was the media site’s arrogance and attitude toward hackers. What’s scary about the whole thing is that the group also uploaded the file containing the passwords to the internet for other hackers to download.
Currently about 175 million Twitter users are affected by the attack and the numbers are growing. Although no other adverse effects have been reported aside from the annoying spam flooding user accounts, people are advised to update their profiles, passwords and other accounts related to their Twitter account to ensure security.