
Twitter users must be cautious following the discovery of rogue applications designed to help scammers earn money by spreading links that point to online surveys, says security vendor Sophos.
Following attacks this weekend, which saw users spreading messages about a girl who killed herself and how addicted they were to Twitter, new scam messages are appearing.
These messages claim to count how long users have been members of the social networking Web site.
Offending tweets contain a variation on the following text, with the amount of time shown differing between users: "I have spent 379 days, 9 096 hours on Twitter. How much have you? Find out here: [Link]".
The messages, posted by an application called 'Your online timer', include a link which - if clicked on by other Twitter users - will encourage them to authorise it to access and update their Twitter accounts, Sophos explains.
If the application is approved, users will be taken to a Web site which claims it will find out the time spent to date on Twitter.
The page pops up a survey that earns the scammers money for each questionnaire completed. Meanwhile, without the victims' explicit approval, their Twitter account statuses are updated, spreading the link virally to other Twitter users.
"Viral scams like this one are commonly encountered on Facebook, but are now being spread by their creators to Twitter.
"It's possible that the people behind these attacks view Twitter users as a softer target who may generate more income for them," says Brett Myroff, CEO of regional Sophos distributor, Sophos SA.
"Social networks have a responsibility to protect their users from scams and spam, but ultimately it's down to the user to think very carefully before handing over the keys to their social network account to an unknown application."
Sophos advises that those affected should revoke the application's access to their Twitter account without delay.
This can be done by entering Settings/Connections and revoking the rights to the relevant application, it adds.
"If the application's access to your account is not revoked, the scammers could use it to spread other messages, potentially including links to malicious Web sites, phishing attacks or other spam campaigns," says Myroff.
"The last thing you want is for your Twitter followers to believe that you are being careless with your account's security and potentially putting them at risk, too."