To the List of Hazards and Headaches of Live-Tweeting History, Add Hackers
Some days it just doesn’t pay to tweet when you’re a witness to historic events. Ask Sohaid Atha, the Pakistani IT consultant who tweeted about events he witnessed that turned out to be a U.S. military attack on the refuge of terrorist mastermind Osama bin Laden.
As noted earlier today, Atha, whose Twitter handle is @ReallyVirtual, live-tweeted descriptions of the raid in Abbottabad as it unfolded, not really sure what was going on, detailing helicopters hovering and explosions.
Naturally, every media organization in the world wanted to talk to him, not caring for time zone differences. He later tweeted that all he really wanted to do was take a nap.
And if that weren’t enough, his blog was hacked and started serving malware. He tweeted about that, too, but Web security firm Websense also noticed. Patrik Runald, a Websense security researcher, said that sometime overnight, the increase in attention on Atha’s Twitter feed, which contains a link to his blog, ReallyVirtual.com, was compromised and was as of this morning serving up malware. The malware was the old pop-up ad saying something to the effect that “your computer has problems, click here to download software to fix it, only $79.95,” and the software to “fix” the problem actually creates one. The malware has since been cleaned up.
“There was one line of code inserted into the page which loaded content from a site in Romania,” Runald said. Atha’s site runs WordPress, but an older version, he said. Rather than an attack carried out by anyone targeting Atha specifically, Runald thinks the attack was more likely carried out by an automated process that detected Atha’s blog after the surge in links to it via Twitter. “They wanted to get a free ride from all the traffic he was getting.”
Meanwhile, there’s also a scam-ad appearing on Facebook that advertises “Osama Bin Laden killed live on a news broadcast.” I could swear I’ve seen that one before. Either way, Websense says don’t click on it. Just don’t.