IT security and control firm Sophos has warned members of Twitter to be on their guard against an evolving attack which threatens to steal personal information from them.
Thousands of Twitter users are reporting having received direct messages from friends inviting them to visit a Web site. Sometimes the lure claims that they could win an Apple iPhone, and on other occasions the messages claim to point to pictures of or blogs concerning the recipient.
The original messages over the weekend pretended to point to funny pictures or blog articles about the recipients:
"Hey, i found a website with your pic on it... LOL check it out here"
"hey! check out this funny blog about you..."
However, clicking on the links would take users to a bogus Twitter page which would steal users' login names and passwords.
Writer, TV star and Twitter celebrity Stephen Fry was among those who unwittingly clicked on the link without realising that it led to a potentially dangerous Web site, although it is not believed that his account was compromised.
Sophos experts note that, having hacked into Twitter accounts with information gleaned from the widespread phishing attack, cybercriminals are then using the compromised Twitter identities to pass on spam messages to even more Twitter users.
These new messages claim that recipients could win an Apple iPhone if they visit a Web link.
"It would be bad enough to hand your Twitter username and password over to a criminal, as they could pose as you online and spread malware and spam to your friends and followers. However, as an alarming 41% of Internet users foolishly use the same username and password for every Web site they access, the potential for abuse is even greater," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.
"Twitter users who may have lost control of their accounts need to change their passwords as a matter of priority before more harm is done. Compromised social networking accounts are valuable for hackers as they can use them as a springboard for spam campaigns, identity theft attacks and other online crime."
More information about the attacks, including screenshots, can be found on Graham Cluley's blog at http://www.sophos.com/blogs/gc/g/2009/01/05/twitter-users and http://www.sophos.com/blogs/gc/g/2009/01/04/phishing-scam
Sophos South Africa
NetXactics, trading as Sophos South Africa, is a South African-based company focused on the provision of security solutions. It is the master distributor for UK-based Sophos Plc, one of the leaders in the provision of network access control and endpoint, e-mail and Web security and control solutions for the corporate environment. For more information, visit Sophos South Africa at www.sophos.co.za.
Sophos
Sophos enables enterprises worldwide to secure and control their IT infrastructure. Our network access control, endpoint, Web and e-mail solutions simplify security to provide integrated defences against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, we protect over 100 million users in nearly 150 countries with our reliably engineered security solutions and services. Recognised for our high level of customer satisfaction, we have an enviable history of industry awards, reviews and certifications. Sophos is headquartered in Boston, Massachusetts and Oxford, UK.