The DM says: “Hey what's up with this bad blog that's going around about you?” followed by a link. If Twitter users click on the link, they are taken to a page that mimics the Twitter login page. Once users' login details are entered into this site, their accounts are compromised. The compromised account then sends the same DM to other Twitter accounts that are following it.
Timothy Armstrong, virus researcher, global research and analysis team at Kaspersky Lab, says the page users are directed to is a phishing page. “In this case, it appears that the intention is stealing login credentials from legitimate Twitter users,” he says. He adds that the login credentials are used to further spread the attack, through direct messages to the infected user's followers.
“In fact, this particular attack even redirects users to a fake 'site stability' page to further convince users of the authenticity of the phishing page,” Armstrong adds. “All the links on this page, with the exception of the RSS link, go to their legitimate Twitter counterparts. The RSS link leads to a dead page,” he says.
Armstrong says it is difficult to track these attacks to a source. However, he says they are usually orchestrated by organised cyber-criminals, and they originate from all over the world.
AVG says Twitter users who have fallen prey to the scam should take the following steps:
1. The user should change his/her Twitter password.
2. The user should verify that the e-mail address for his/her Twitter account was not changed.
3. If the user used the same e-mail address and password on other Web sites, then he/she must immediately check out of these Web sites and change his/her passwords.
4. If the user's Twitter account is sending out phishing messages, he/she should also visit the Applications tab in 'Account Settings', and Revoke Access for any third-party application that he/she does not recognise.
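The attack described above works because the lure link points at a page that only looks like Twitter. A simple defensive check, added here as an illustration and not part of the article or of any vendor's tooling, is to extract the links in an incoming DM, resolve each one's real hostname, and compare it against a small allow-list of genuine Twitter hosts (the allow-list, the lure-text pattern and the sample messages below are assumptions constructed for the example; the hostnames are placeholders, not indicators from the campaign). Two details matter: a whole-label comparison rather than a substring test, so that `twitter.com.evil.example` and `nottwitter.com` are both rejected, and using the parsed hostname, so that a `user@host` trick such as `http://twitter.com@evil.example/` is attributed to the real host.

```python
import re
from urllib.parse import urlparse

# Hosts treated as legitimate Twitter properties. This allow-list is an
# assumption for the example; a real deployment would maintain its own.
TRUSTED_HOSTS = {"twitter.com", "t.co"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
# The lure wording reported in the article.
LURE_RE = re.compile(r"bad blog\b.*\babout you", re.IGNORECASE)


def is_trusted_host(host: str) -> bool:
    """True only if host is a trusted domain or a subdomain of one.

    Comparing whole labels avoids two classic mistakes: a substring test
    ('twitter.com' in url) accepts 'twitter.com.evil.example', and a plain
    endswith test accepts 'nottwitter.com'.
    """
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def analyse_dm(text: str) -> dict:
    """Return a verdict for one DM: which links point off-platform and
    whether the message carries the known lure wording."""
    untrusted = []
    for url in URL_RE.findall(text):
        # urlparse().hostname strips scheme, port and any user@ prefix, so
        # 'http://twitter.com@evil.example/' is attributed to evil.example.
        host = urlparse(url).hostname or ""
        if not is_trusted_host(host):
            untrusted.append(host)
    lure = bool(LURE_RE.search(text))
    # In this campaign a credential-phishing DM shows both signals together;
    # an off-platform link alone is common and only rates as suspicious.
    if untrusted and lure:
        verdict = "phishing"
    elif untrusted or lure:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "untrusted_hosts": untrusted, "lure": lure}


# Constructed sample DMs; the hostnames are placeholders, not real campaign IoCs.
SAMPLE_DMS = [
    "Hey what's up with this bad blog that's going around about you? "
    "http://twitter.com.login-check.example/",
    "Hey what's up with this bad blog that's going around about you? "
    "http://twitter.com@account-verify.example/login",
    "new post is up https://twitter.com/someuser/status/1234",
    "check this out http://blog.example.org/post",
]


def triage(dms=SAMPLE_DMS) -> list:
    """Analyse a batch of DMs and return one verdict dict per message."""
    return [analyse_dm(dm) for dm in dms]


if __name__ == "__main__":
    for dm, result in zip(SAMPLE_DMS, triage()):
        print(result["verdict"], result["untrusted_hosts"], "<-", dm[:60])
```

Run on the constructed samples, the two lure messages with off-platform hosts come back as `phishing`, the genuine twitter.com link as `clean`, and the unrelated blog link as `suspicious` only; the same `is_trusted_host` check is what a browser-side or mail-gateway filter would apply before a user ever reaches the fake login page.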