MUMBAI / BANGALORE, India – February 22, 2010 – IT security and data protection firm, Sophos, is warning that a major attack against Twitter users this weekend was designed to steal passwords and use hijacked accounts to spread money-making spam campaigns.
The attack, which is ongoing, began on Saturday, as Twitter users found that fellow members of the micro-blogging network had posted messages disguised as humorous inks, but actually aimed to phish passwords credentials from unsuspecting users.
Messages, which began with phrases such as "Lol. this is me??", "lol , this is funny.","Lol. this you??" and "ha ha, u look funny on here", were accompanied with clickable links which redirected users to a fake Twitter login page hosted on a website based in China.
Sophos has made a YouTube video, which journalists and bloggers are free to embed on their own websites, demonstrating the attack: http://www.youtube.com/watch?v=cDSskvrUw_g
"This phishing attack has been causing headaches for Twitter users all weekend, resulting in thousands of users being put at risk of having their account broken into," said Graham Cluley, senior technology consultant at Sophos. "The cybercriminals behind the attack are creating a zombie network, or botnet, of hacked accounts that they can then abuse to spread spam, distribute malware and steal identities. There's nothing funny about the LOL attack - you have to be on your guard against clicking on the dangerous messages. if you've fallen foul of it, or find direct messages in your Sent box that you didn't send, you must change your Twitter password immediately."
Sophos researchers discovered that although the main wave of poisoned messages has been via private direct messages between individual users on Twitter, dangerous links are also being posted in public feeds. This means that innocent users can stumble across the links even if they are not sent it directly, or even if they are not a signed-up user of Twitter.
"It appears what is happening is that the messages are being shared more widely because of third-party services like GroupTweet which extend the standard Twitter direct message (DM) functionality and allow private messages to be sent to multiple users and optionally made public," continued Cluley. "This has resulted in the bizarre site of Twitter accounts warning their followers about the phishing attack, only to subsequently fall victim to it themselves."
Sophos has identified that the phishing campaign appears to be already bearing fruit for the hackers as they are now distributing spam selling herbal viagra from the compromised accounts.
"Unless the hacked Twitter users change their passwords, the intruders can continue to spread spam and other attacks from their hijacked accounts," explained Cluley. "Cyber-attacks via social networks are becoming more and more common. Sophos Security Threat Report revealed that there has been an astonishing 70% rise in the number of users reporting spam and malware attacks via social networking sites."
Follow Graham Cluley on Twitter: @gcluley. Graham Cluley is available for comment on +44 (0)7990 552181. Graham Cluley is recipient of two most prestigious awards in this knowledge domain: ‘IT Security Blog of the Year’ (http://www.sophos.com/blogs/gc) and ‘Twitter user of the Year’ (http://www.twitter.com/gcluley)
# # #
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use, and that deliver the industry’s lowest TCO. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs—a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards. Sophos is headquartered in Oxford, UK and Boston, US. More information is available at www.sophos.com
No comments:
Post a Comment