Twitter’s good for many things, but the micro-blogging network’s popularity with celebrities has made it a particularly useful resource for hackers looking to exploit the accounts of the rich and famous to spread malicious scripts and unsavoury messages amongst their millions of fans.
Axl Rose, Britney Spears, Lil Wayne and Ashton Kutcher have all been the victims of a hacked Twitter profile in the past. And now, reports Graham Cluley at Sophos, the latest member of this club is British comedic actor Simon Pegg.
Pegg, famous for his roles in Spaced, Shaun Of The Dead, Hot Fuzz, Star Trek and his newest movie, Paul, is a prolific Twitter user who boasts more than 1.2 million followers. The actor regularly shares news and gossip about his film work, so when he sent out a tweet late last night that offered a new Paul screensaver to his Twitter followers, it was taken in good faith.
Problem was Pegg didn’t send the message. And when fans rushed to download the screensaver, many of them quickly discovered malware hidden within the file. Specifically, a banking Trojan that Sophos identified as Troj/VBBanker-A, a nasty little bugger that disables firewalls and steals credit card information and other sensitive financial data.
The hacker even had the audacity to stay around and retweet messages from people thanking Pegg for the screensaver.
Late last night Pegg was alerted by his web design team that his Twitter profile had been compromised, and an understandably enraged Pegg quickly put out a message to fans warning them of the exploit.
The malware only targeted Windows users, but Pegg couldn’t resist making a joke.
Of course, this could have been very serious indeed. Pegg attended the Glastonbury Festival this weekend and one has to wonder if his Twitter profile was compromised when he was accessing his account via open wifi. Pegg’s usually a pretty savvy guy, but you have to wonder how long it’s going to be before the often laissez faire attitude celebrities on Twitter have towards security leads to a lawsuit from a disgruntled fan who unknowingly downloads a malicious file in good faith on the celebrity’s “recommendation”. And perhaps rightly so.
UPDATE: As of one hour ago, Pegg is still having problems.
Pegg has told fans to ignore anything that comes from him via a BlackBerry (see Twitter for BlackBerry in the tweet above), as you know he’s an ‘Apple slut’.
Somebody has to say it: surely he’s tried changing his password?
(Hat tip: Sophos.)