Sophos is warning of a major attack against Twitter users last weekend that was designed to steal passwords and use the hijacked accounts to spread moneymaking spam campaigns.
The attack, which is ongoing, began on Saturday, when Twitter users found that members of the micro-blogging network had posted messages disguised as humorous links that were actually aimed at phishing login credentials from unsuspecting users.
Messages beginning with phrases such as “Lol. this is me??”, “lol, this is funny.”, “Lol. this you??” and “ha ha, u look funny on here” were accompanied by clickable links that redirected users to a fake Twitter login page hosted on a Web site based in China.
Researchers discovered that although the main wave of poisoned messages has been sent via private direct messages between individual Twitter users, the dangerous links are also being posted in public feeds. This means that innocent users can stumble across the links even if the message was not sent to them directly, or even if they are not signed up to Twitter at all.
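The two signals described above, a stock "lol" opening line and a link that lands on a login page hosted somewhere other than twitter.com, are enough to build a simple message filter. The following is an added example written for this article, not code from Sophos or Twitter. It assumes that a genuine Twitter login page lives only on twitter.com or one of its subdomains, and it uses a constructed redirect table with hypothetical hostnames in place of a live redirect-following fetch so that it runs offline.

```python
import re
from urllib.parse import urlparse

# Opening phrases quoted in the article, compared after normalisation
# (lower-case, punctuation stripped) so "Lol. this is me??" still matches.
LURE_PHRASES = (
    "Lol. this is me??",
    "lol, this is funny.",
    "Lol. this you??",
    "ha ha, u look funny on here",
)

# Assumption: a genuine Twitter login page lives only on twitter.com or a
# subdomain of it. Anything else asking for Twitter credentials is fake.
LEGITIMATE_HOSTS = ("twitter.com",)

# Constructed redirect table standing in for a redirect-following HTTP
# fetch, so the example runs offline. All hostnames here are hypothetical.
REDIRECTS = {
    "http://short.example/abc": "http://twitter.com.login-check.example.cn/",
    "http://short.example/ok": "https://twitter.com/login",
}

URL_RE = re.compile(r"https?://[^\s<>]+")


def normalise(text):
    """Lower-case and drop everything but letters, digits and spaces."""
    return re.sub(r"[^a-z0-9 ]+", "", text.lower()).strip()


def resolve(url, redirects=REDIRECTS, max_hops=5):
    """Follow the redirect table to the final landing URL (bounded hops)."""
    for _ in range(max_hops):
        if url not in redirects:
            break
        url = redirects[url]
    return url


def host_is_legitimate(url):
    """True only for twitter.com itself or a subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in LEGITIMATE_HOSTS)


def classify_message(text, redirects=REDIRECTS):
    """Return (verdict, reasons) where verdict is 'phish', 'suspicious' or 'ok'.

    phish      : any link landing on a lookalike host ('twitter' in the name
                 but not the real domain), or a lure phrase plus a link that
                 lands off twitter.com
    suspicious : lure phrase alone; links (if any) land on twitter.com
    ok         : neither signal
    """
    norm = normalise(text)
    lure = any(norm.startswith(normalise(p)) for p in LURE_PHRASES)
    reasons = ["lure phrase"] if lure else []
    off_domain, lookalike = [], []
    for url in URL_RE.findall(text):
        final = resolve(url.rstrip(".,;:!?)"), redirects)
        if host_is_legitimate(final):
            continue
        host = (urlparse(final).hostname or "").lower()
        (lookalike if "twitter" in host else off_domain).append(final)
    if lookalike:
        reasons.append("lookalike Twitter host: " + ", ".join(lookalike))
        return "phish", reasons
    if lure and off_domain:
        reasons.append("lure links off twitter.com: " + ", ".join(off_domain))
        return "phish", reasons
    if lure:
        return "suspicious", reasons
    return "ok", reasons


if __name__ == "__main__":
    for msg in (
        "Lol. this is me?? http://short.example/abc",
        "lol, this is funny. http://short.example/ok",
        "New post up: http://blog.example/entry-1",
    ):
        print(classify_message(msg))
```

The decisive check is the host of the final landing page, not the text of the link: a shortened or redirected URL looks harmless until it is followed, and a hostname that merely contains "twitter.com" as a leading label is exactly the lookalike a fake login page would use. A lure phrase on its own is only a weak signal, since the messages sent from hijacked accounts look like ordinary banter.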
“Thousands of users are being put at risk of having their accounts broken into,” said Graham Cluley, senior technology consultant at Sophos. “The cybercriminals behind the attack are creating a zombie network, or botnet, of hacked accounts that they can then abuse to spread spam, distribute malware and steal identities. There’s nothing funny about the LOL attack – you have to be on your guard against clicking on the dangerous messages. If you’ve fallen for it you must change your Twitter password immediately.” The phishing campaign already appears to be bearing fruit for the hackers, who are now distributing spam selling herbal Viagra from the compromised accounts.