Exploit coders using the drive-by website method of hacking into accounts and networks have been spotted using a "trendy" Twitter command in order to redirect online users into malicious sites and induce a botnet nightmare. This technique assists in hiding hackers' devious deeds with little to no effort on their part.

The micro-blogging-based social network has made APIs (application programming interfaces) such as the Twitter trends one readily available for legitimate, non-spoofed, and secure websites to easily plug into the top trends and topics being tweeted by the general Twitter population. As the opinions and concerns of Twitter users progress in a periodic manner, so too will the purported "Top 30 Trending Topics".

However, malware miscreants and online outlaws are apparently using the API for the purpose of creating an endless inundation of keywords as well. Denis Sinegubko, an IT security researcher, reports that the API is being integrated by hackers to heavily obfuscate redirection scripts inserted into malicious, hacker-managed sites. The malicious code brought victims to drive-by websites that try to exploit any and all unfixed vulnerabilities in applications like Apple's QuickTime. Also, it made use of the second letter of a trending topic in order to deliver a clandestine script that helps significantly in determining what's inside a given domain.

For example, the top term "Jedward" from a couple of days back can turn into ghoizwvlev.com. Other domain names spoofed and mangled this November include abxhcgvlev.com, fgxhzgvlev.com, and abirgqvlev.com. The use of the code of the second character in a Twitter search that was the most visited just two days beforehand is capable of making domain name production a lot less predictable and solvable by IT security experts.

According to Sinegubko, this method allows cyber terrorists to create temporary domain names that they can abuse for just one day, and then move on to brand new ones the next day without any consequence or threats of being shut down by IT security authorities. The Twitter API serves as a useful randomizer of sorts in a hacker's bag of tricks because it assists in stopping malicious scripts from being impeded or terminated by online scanners searching for such dangerous web-based hazards.