The security of social networks was thrust into the spotlight yet again this week with the successful hack of the Twitter Grader application run by Hubspot, a maker of social media and internet marketing tools.
The Twitter Grader application uses an algorithm to calculate, or grade, a Twitter user’s ranking among their peers. This type of tool has been very popular with Twitter users who willingly grant access to their Twitter accounts for websites that offer this type of ego-feeding information.
The compromise resulted in thousands of unauthorized messages being sent from Grader users’ Twitter accounts containing a link to a web page that hosted an embedded video. The content turned out to not be malicious and it has been speculated that this was an attempt to increase the search engine rankings of the website.
The hack was quickly acknowledged by Hubspot who proceeded to take down the Grader application while they investigated the issue. Grader users are advised to revoke access for Grader to their Twitter accounts and also to consider changing their account password.


There have recently been two publicized, high-profile attacks on email marketing services. The two services are
Win32.Worm.Zimuse.A, it appears to have originated in Slovakia but has been quickly making its way around the world with the highest rate of infection now in the United States, followed by Slovakia, Thailand, and Italy. The virus and its variant, Win32.Worm.Zimuse.B, both work in the same destructive way. Once the system is infected, Zimuse creates between 7 and 11 copies of itself, installs a rootkit, alters system registry entries, and creates several driver files. After a pre-determined number of days (40 for A, 20 for B) it springs to life with a poorly written fake Windows Defender warning:

wing security protocols that could prevent phishing attacks. The report by the Online Trust Alliance, a group of security companies working to fight Internet fraud, found that 56% of the 25 agencies it studied did not authenticate emails or domain names.