VC's automated Twitter feed spreads malware

Auto-feed tweet distributed by Guy Kawasaki's Twitter account sends people to a link that installs a Trojan.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
2 min read

Guy Kawasaki's Twitter page Twitter

Updated June 25 at 9:00 a.m. PDT with Trend Micro saying the Trojan is harmful to Macs and PCs.

Venture capitalist Guy Kawasaki got more than he bargained for from an automated feed he set up on his Twitter account.

Some of Kawasaki's more than 139,000 Twitter followers noticed something strange when they saw a particular non-VC-related tweet sent from his account on Tuesday.

The update advertised a sexy video of "Gossip Girl" star Leighton Meester and had a link leading to a site where, if the visitor clicked to view the video (and ostensibly download a necessary codec), a Trojan called OSX/Jahlav-C for the Mac OS would be installed instead, Graham Cluley wrote on his blog on Wednesday for antivirus vendor Sophos.

Windows users aren't immune as the Trojan they will receive, TROJ_JAHLAV.B, is downloaded, according to Trend Micro.

"Following the link would be a very bad idea because it will lead you to a malicious Web site designed to infect both Macs and PCs with a DNS-changing Trojan, which at the time of writing has low-to non-existent detection rates by security vendors (although Trend Micro customers would already have been protected from visiting the known malicious site using our Smart Protection Network)," Rik Ferguson of Trend Micro wrote.

Kawasaki told The Wall Street Journal his account is set up to redistribute updates from NowPublic, a user-generated news site.

The auto-published tweet was from a NowPublic feed that was not moderated by the site, NowPublic co-founder Michael Tippett told the WSJ later.

"Auto-feeds on Twitter can be quite risky," Michael Argast, a security analyst for Sophos, told CNET News.

Kawasaki's account wasn't the only one redistributing the malicious link; the same tweet was sent from other lower-profile accounts.