-
Twitter Users Hit by LOL Phishing Attack
Techtree News Staff, Feb 22, 2010 1939 hrs ISTBeware of natural sounding links that might arrive as a Twitter direct message
IT security and data protection firm Sophos has warned Twitter users about a major attack against Twitter users this weekend. The attack, which seems to be still underway was designed to steal passwords and use hijacked accounts to spread money-making spam campaigns.
The attack began on Saturday with many Twitter users finding that fellow members of the micro-blogging network had posted messages disguised as humorous links. These were nothing but phishing intended links to dubious sites. The messages included natural sounding ones like "Lol. this is me??", "lol , this is funny.","Lol. this you??" and "ha ha, u look funny on here", were accompanied with clickable links which redirected users to a fake Twitter login page hosted on a website based in China.
Sophos has made a YouTube video, which journalists and bloggers are free to embed on their own websites, demonstrating the attack. View it here.
According to Graham Cluley, a senior technology consultant at Sophos, the cybercriminals behind the attack are creating a zombie network, or botnet, of hacked accounts that they can then abuse to spread spam, distribute malware and steal identities. He also advises users to change their Twitter passwords immediately if they find sent messages in their outbox that they didn't manually send. Sophos also warns that the links are not passed on just through Direct Messages. These links are also being posted in public feeds which mean that you can stumble across the links even if they are not sent it directly, or even if they are not a signed-up user of Twitter.
Related Links
Opinion Poll
- Which desktop web browser do you use?
-
Internet Explorer
Firefox
Chrome
Safari
Opera
Other (specify in comments)
Poll Results View Previous Polls