The malware is probably intended to steal login credentials from Twitter users, says Kaspersky Lab's Timothy Armstrong.
is doing the rounds in the Twittersphere in the form of a malicious link contained in a direct message (DM).
The DM says: “Hey what's up with this bad blog that's going around about you?” followed by a link. If Twitter users click on the link, they are taken to a page that mimics the Twitter login page. Once users' login details are entered into this site, their accounts are compromised. The compromised account then sends the same DM to other Twitter accounts that are following it.
Timothy Armstrong, virus researcher, global research and analysis team at Kaspersky Lab, says the page users are directed to is a phishing page. “In this case, it appears that the intention is stealing login credentials from legitimate Twitter users,” he says. He adds that the login credentials are used to further spread the attack, through direct messages to the infected user's followers.
“In fact, this particular attack even redirects users to a fake 'site stability' page to further convince users of the authenticity of the phishing page,” Armstrong adds. “All the links on this page, with the exception of the RSS link, go to their legitimate Twitter counterparts. The RSS link leads to a dead page,” he says.
Armstrong says it is difficult to track these attacks to a source. However, he says they are usually orchestrated by organised cyber-criminals, and they originate from all over the world.
What to do?
According to Armstrong, the best defence against these sorts of attacks is common sense. “Never click on links from friends if they were not requested or look suspicious. If you are concerned, ask the sender about the message through another medium such as e-mail or instant messenger, or even give them a phone call,” he suggests.
AVG says Twitter users who have fallen prey to the scam should take the following steps:
1. The user should change his/her Twitter password.
2. The user should verify that the e-mail address for his/her Twitter account was not changed.
3. If the user used the same e-mail address and password on other Web sites, then he/she must immediately check out of these Web sites and change his/her passwords.
4. If the user's Twitter account is sending out phishing messages, he/she should also visit the Applications tab in 'Account Settings', and Revoke Access for any third-party application that he/she does not recognise.