Phishing, malware distribution and job scams

Sep 25, 2009 11:08 GMT

Security researchers warn that Twitter users have recently been the target of several new malicious attacks. These include a campaign distributing fake antivirus software, a Twitter-credential phishing attack and a Google jobs-related scam.

A few days ago, Sophos' Graham Cluley reported that several Twitter accounts were spamming out a link taking users to a Web page that pushed fake antivirus software. Also known as scareware or rogueware, these applications display fake security alerts and bogus AV scans to scare users into paying for useless software licenses and giving out their credit-card information.

The spam messages varied widely, from promoting adult movies and other online videos to alleged news about hardware manufacturers. The offending link was obfuscated using the Metamark URL-shortening service, but seemed to remain unchanged. Sophos notes that the rogue AV software was served from servers based in Toronto.

Yesterday, reports surfaced of an ongoing phishing scheme that attempted to steal Twitter login credentials. The spam messages contain the text "rofl this is you on here?" followed by a link of the form http://videos.twitter.[rogue_domain].com. Clicking on the link will open a fake Twitter login page, suggesting that the user needs to re-authenticate in order to view the alleged video.

Attempting to log in is, obviously, a very bad idea, as it sends the username and password to the cybercrooks. "If you fell victim to this attack you should make sure that you change your login details on any other site where you were using the same password as that could also potentially become compromised," Mr. Cluley advises.
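A defender-side check for the link pattern described above, added here as an illustration (it is not code from the original article or from Sophos): it flags URLs where "twitter" appears in a hostname label while the registered domain belongs to someone else. The brand table, the short suffix list and the sample messages are assumptions, with example.com standing in for the rogue domain.

```python
import re
from urllib.parse import urlsplit

# Assumption: brand label -> the only registrable domain allowed to use it.
BRANDS = {"twitter": "twitter.com"}
# Assumption: tiny stand-in for the Public Suffix List, enough for this demo.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def registrable_domain(host):
    """Return the part of the hostname that someone actually registered."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def classify(url):
    """Return 'legitimate', 'impersonation' or 'unrelated' for one URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    registered = registrable_domain(host)
    for brand, real_domain in BRANDS.items():
        if registered == real_domain:
            return "legitimate"
        # The brand shows up in a label, but the registered domain is
        # someone else's: the videos.twitter.[rogue_domain].com pattern.
        if any(brand in label for label in host.split(".")):
            return "impersonation"
    return "unrelated"


def suspicious_links(message):
    """Extract the URLs from a message and keep the impersonating ones."""
    urls = [u.rstrip(".,)!?") for u in URL_RE.findall(message)]
    return [u for u in urls if classify(u) == "impersonation"]


# Constructed sample messages; example.com stands in for the rogue domain.
SAMPLES = [
    "rofl this is you on here? http://videos.twitter.example.com/login",
    "new post is up https://twitter.com/login",
    "photos from the trip http://example.org/album",
]

if __name__ == "__main__":
    for text in SAMPLES:
        print(suspicious_links(text) or "clean", "<-", text)
```

Links hidden behind a URL shortener, as in the other two campaigns, have to be expanded before this check can see the final hostname.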

Finally, the latest attack spotted on Twitter is a scam targeting people looking for employment opportunities. "I heard on the news Google was hiring people to work from home. Here is the news article [URL]," the rogue message reads. The real URL is hidden using the dwarfURL service, and clicking on it takes users to a bogus news website.

The page offers a "Google Work From Home Kit" for sale. The website comes with a subtle note in the footer that reads, "Google is in no way associated with this website. The Publisher and Author disclaim any personal liability, loss or risk incurred as a consequence of the use and application of the offer, either directly or indirectly, of any advice, information, or methods presented in this publication."