Security expert Janne Ahlberg shares some insight

Jun 20, 2013 13:54 GMT  ·  By

Twitter appears to be helpless against the recent wave of spam messages advertising a shady miracle diet website. According to reports, the campaign is far from over.

Security expert Janne Ahlberg has been closely monitoring the spam run and he has found some interesting things.

According to the expert, the spammers are hosting their scam websites – which attempt to replicate the site of Women’s Health magazine – on several domains, such as: womenshealth.com-expo.in, womenshealth.com-wen.pw, healthywomen.com-garcinia-diet.net, dieting.com-articles-diet.net and womenshealth.com-lifestyle-article.net.

Ahlberg has analyzed all these domains and has found that they’re registered to one Edward Johnson. Johnson’s email address, [email protected], is linked to several other spam campaigns and other malicious activities.

So far, none of the domains appear to be serving malware, so this campaign is either only spam-advertising, or perhaps some actions have been taken to prevent the actual malicious intent, Ahlberg told Softpedia in an email.

Another interesting aspect about this spam campaign is that the individuals that run it have started compromising Twitter accounts and abusing them for their malicious purposes.

Several users reported that their accounts were compromised, after tweeting the spam posts. The accounts in question appear to belong to normal users who have nothing to do with the spam run.

However, somehow, the spammers are hijacking their accounts and abusing them to spread their messages.

“I remember seeing people talking about suspicious DMs related to this spam. But I cannot be sure if the accounts were compromised via DMs or just due to weak passwords,” Ahlberg noted.

“It is hard to say if Twitter is doing something besides expecting users to report spam. I have not seen any warnings etc. - just a huge amount of spam: during a busy day, there could be about 10 tweets per minute from 10 different accounts - and I was only observing one of the links above,” he explained.

“One reason this continues is that some users react to spam by retweeting - or quoting in case they want to ask about the spam: every time user tweets a spam link for any reason, (s)he is doing a favor for the spammers.

“Twitter tools are easy in this sense: report account for spam & block. Of course that could be difficult if the spam tweet originates from a known friend or follower.”