Softpedia
 


January 5th, 2009, 10:35 GMT

Phishing Campaigns Spotted on Twitter

[Image: Phishing campaign affects Twitter users]
A phishing campaign hit the Twitter micro-blogging service over the weekend, forcing its staff to issue an alert. The campaign has since morphed, and there are now at least two different variations in circulation.

Phishers are using previously compromised Twitter accounts and the Direct Message feature to spam their malicious links. "Hey! check out this funny blog about you… [URL]" or "Hey, I found a website with your pic on it… LOL check it out here [URL]," some of the messages reported by Twitter users read.

The URL spammed in the original campaign pointed to a web page that was hosted on Blogspot in order to increase the message's credibility. However, when visiting the Blogspot link, users get redirected to a fake Twitter login page, located on an access-logins.com domain.

[Image: Fake Twitter login page]

"It would be bad enough to hand your Twitter username and password over to a criminal, as they could pose as you online and spread malware and spam to your friends and followers," Graham Cluley, senior technology consultant for antivirus vendor Sophos, warns.

"However, as so many Internet users foolishly use the same username and password for every website they access, the potential for abuse is even greater," the security researcher adds.

The Twitter team has published a post on its blog describing this attack and stating that it is proactively resetting the passwords of accounts found to be sending out these messages, as they have clearly been compromised. In addition, it advises users who are worried that they might have fallen victim to this scam to use the reset password link.

[Image: Free iPhone spam]

Reports about a spin-off of this campaign have surfaced today. The messages of this new variant entice individuals to visit a link claiming that they could win a free iPhone. The link then directs them to a page displaying an advertising banner and asking for their credentials, as well as their phone number.

Since there is no obvious gain for the phishers from this campaign, Mr. Cluley speculates that it might be related to an affiliate link scheme, through which the cyber-crooks are earning a commission for directing traffic to certain websites. He also suggests that users of all social networking websites should exercise caution, because the domain hosting the fake Twitter login page has also been seen hosting a rogue Facebook authentication page in the past.

READER COMMENTS:


Comment #1 by: Rupali on 06 Jan 2009, 10:15 UTC

Great information!!!!! Be aware while using Twitter........
