To post hundreds of spam messages

Mar 7, 2009 09:21 GMT  ·  By

A new threat to Twitter users came to light yesterday when hundreds of compromised accounts started sending spam messages that advertised an online adult webcam chat service. The Twitter staff have confirmed that around 750 users had their password reset as a result of the incident.

"Hey! 23/Female. Come chat with me on my webcam thingy here [link removed]" read the spam messages. Clicking on the link took users to a portal that, according to Rik Ferguson, solutions architect at antivirus vendor Trend Micro, "looks to have been designed with credit card harvesting in mind."

Furthermore, the webpage loads obfuscated JavaScript code that is used to serve X-rated advertisements. Mozilla Firefox users can protect themselves against such rogue code by installing the NoScript extension, which by default blocks all JavaScript on a web page unless the site has been explicitly allowed.

Twitter co-founder Biz Stone confirmed the incident in a post on the site's official blog. "Today we discovered about 750 Twitter accounts were broken into and had a link to a webcam site posted on the accounts," wrote Mr. Stone. "We reset the passwords of the compromised accounts and removed the spammy updates. Our safety team is currently investigating the attack," he also noted.

Meanwhile, Graham Cluley, senior technology consultant at Sophos, who also reported the attack, advises users who unwittingly posted the message to change their Twitter passwords and, more importantly, to change them on any other services where the same password is used. "If you use that password on any other non-Twitter account then you must also change those passwords too (please *don't* make it the same as your new Twitter password)," the security researcher writes.

According to Mr. Cluley, Twitter is not the first social networking service to be hit by such an attack. A highly similar one occurred on Facebook last month, prompting the analyst to think that they are most likely the work of the same cyber-criminal group. "You don't have to be Albert Einstein to put two and two together, and deduce that these attacks must be related," he writes. Biz Stone also confirms this and notes that "It appears other sites and services have been affected by a similar attack."

There is still no information about how or when this mass account compromise occurred. It is possible that the accounts were hijacked during the attack itself or gradually over time, in preparation for it. Either way, users are urged to practice safe password management. This involves choosing long and strong passwords that include uppercase and lowercase letters, numbers and special characters. Reusing the same password across multiple services is highly discouraged, but if it can't be avoided, people should at least use distinct passwords for sensitive accounts such as those for online banking or payment services.

[Photo gallery (3 images): "Twitter accounts hijacked for spam"; "Twitter webcam spam message"; "Facebook webcam spam message"]