Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Twitter Hit by New Phishing Attack



 By: Brian Prince
2009-09-23
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Phishers are targeting Twitter users in a new attack involving direct messages sent to Twitter users containing a link to a site requesting user log-ins.

UPDATE: There are reports of a new phishing scam making the rounds on Twitter. The attack seeks to steal user credentials by sending tweets out with links to a phishing site. The attack site requests the user's log-in information; once the attackers have that, they can take over the account of the victim and use it to send out more messages.

According to messages from Twitter users, the tweets with the link to the phishing site have to do with the sender supposedly making a certain amount of money. Researchers at Twitter reported finding malicious Tweets with the message: "ROFL this you on here?"

Just like hackers like to comandeer poorly protected PCs to form a botnet from which they can send spam campaigns or spread malware, so they are increasingly interested in doing the same with social networking accounts, blogged Graham Cluley, senior technology consultant at Sophos. They know that computer users are more likely to open a message or click on a link sent to them by what appears to be their online friends and colleagues via a social networking site, making it easier to launch financially-motivated attacks.

Resource Library:

Such periodic phishing attacks on users of the popular microblogging service have become a fact of life. In May, researchers at Sophos reported that a number of Twitter users were lured to a phishing site via a tweet with the message: "check this guy out [tinyurl address leading to the attack site]." As was the case in that instance, URL shortening services are increasingly being abused by attackers to mask the Websites they are sending their victims to.

Besides drawing attackers as it has grown, Twitter has also gotten the interest of security researchers, as shown by the "Month of the Twitter Bugs."

Twitter warned users about the attack, stating in a message: "A bit o' phishing going onif you get a weird direct message, don't click on it and certainly don't give your log-in creds!"

UPDATE: This story has been updated to add information and comment from Sophos.





  Reader Comments: Twitter Hit by New Phishing Attack
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


x}ks㶲*Q3CO#dKeXVi) SIV˭_HK~L&w6Fh|GgoD.}dqF 3xpI}"I{C(7GSo92tuk9%G jY\7R}Fw2'v-gPۧnC[(V;Y|u}Jr,Neo;۞Bdu#;ReQcoG(ǚy >%%"C N^mC!oU: _T_#d̨&/̻Zh-Aho*K.Lr5&@Sk~$M ђ5ņ])!edFS۸Ņ/^ P%!P_.[jFTwIQR%w{lr!DKI88{FNRMGsU W4,.k8Nn֛usIVt]V;w{R?k5[Mһ^[0*>c]f",VQqsuXSt*t~,Vr*ǿ@8ʍ/?1B mLX_X~^?/5t3|FGbV{>:AG:ڴb{\禯S4!>ho4ح.,=J!pňz7gԛr!F#mq=@w&>P6=ol2w9;-L&w& 0`D7wCPb1LTE=P/@Xtu'(XsP lmN7-}hZ`1 .- JÜ%;r#Ea1 C7 dRJ 4җG!-i]R@Az6W? -;,rr 0#!bT['9Tv{B#™8Tz(΍fR1ab -d[b|l eV&vϏalZLbo6], S lo3-mTlkVd y|&syj尤v R×U^?uwLҶǮ}]2]& 7R'~X+/MÄIc¦)M=C3^ ~SZ]x01ELdk6q/m}f0ƱB1[0 ]gƠtOP#'Ի ,;N/=҇1 4fכ fd50J%gYA3'| @]8>+WMPÃ"`"+42[=! = Lw(6 g;lNrB@S*,lLj@lfmdz?GwMRd0uf6q :3Xh8GC4v eim$֚&G^u 9R@{6+mm :$@Ȱ\ͩ/Saԍ 5F"b j7{p.lU6Ka4lJ Ϳ|1ؤ#Ľ~K*+#SMoZrijXLx[6Y`aPeQ@IIrIj1uO9MKױ("[fln: 6)8_y8!6$3:^D&ҧV +xZU S=#kQb7|OE30cŠ%lDw9g*tln²익ה]!/_8g׭y+@*: 0f&6XcӢgZ4¿wk#RLSH8KJAU#/㴟`s@M$ knV2 &K-cY}6euEmKı4st%14hO™9f1|*j0"B(Vy{8h^p~^xmjr]ilu0q`( Z3Ke9Cb+[L,*I-qۻ(S'&;Al˘Oc)cpI,_V :0!/P\Q-W0.#_L_LU1(TnQE^~q VK Ŵ밢zX}Qː 0gted{- IR-ʪZJs /?2:ƛS:9pc~yO?3c`jPz;ܮ;C%s3/Gx/1h'0NS3 +RUs5 ň 2)N<:arUTՖn wOGA.CMtAkߛ, ܠI 0ԴgKZ-6,?A@ |~KW*4Ӥ-`"KjZUv~qe(ޒQ' Cŕ9 φ]1j>̌k}\SaW֢ݬ`fB[$ zTÈ {qĆZ ZYMf>o|렀6R!%r7`oj#ś_EnMsU-<s;D'r/=䯦kQ!܏s<^# u"w]մR뿭_#d&T~#\fd|g^a+7\1˓~TS#e7oQ*X 6MУ''~ "m{D9db:1Ki>G?9dN Hk93NQ&grf>rf;9Qo@Hms0 `;07$0|[JI) `uVDZ)z9HG].46lz |q>qŏh(UrHG!I(uO( EGIռi0RBE-)1BoE6 ZdmF,: -BKτkwx~E 6-2j>kR>,OeF3q1 8@X=x}dlj>gWՄθe `0O?-8NVum4tX"5HdVV5XI0iUI+T Z} 2aӃU^UN&2&SSM ל8_arOn{W9G`>xHnJ墦Ak R;~O;a#1G##gD>)j.eѓEO.,JpX8^HX9H(PK,rޏGɷo>҄[#aV*{S7x^.RC+cI` |Jce"nxB*311fsq`~Ъ%bl {9"b{h6ۗkmu8-odhIvN}R|I}ڽ^C|}ْXG+΃  EKB6<up6i)1eڎ7M ,#zya̍ ^CZJ@Iy}^7[לY0z%B3pqXrsdQ6n4l /q Bfͯ|CAJΎy(b r H)'4mv9<̝\b/AhpC*QW*Eh5N |FϚu3_f| Rt<~UrڿHעo1Ir}J_cNfo4~ ɮPRpLUas\l"݋B2^'28/=h)9 ޏIE/pQZilu zsDhDS9kթ-8iKly0;Ɩs` $)Bz*$0m0겨uC$L<1GN)&tJsQ8 z>RB'TIո'*8I5F4A2 uI@? Mx4HPWhd$lAzW jc]e /.iw6D2zL`ql)ZA"| Nr >m\`e>beOvIBiIg+y-EY-VҼ ɏhA%: 3e>Z & 2z/г^wgZmyq\=v6lN*pb,_k==˲yӅcdojw`{ ~{Oj9Л3}I& DucJA0پ9^g@t)cf ^]ު宅MZ%7hBqX6r gcBxZa1z8rfic?%>i\[פqj`~%X@oAtyycs6yO>4dwD78#M[wzzMYdasfo?c_VVyP1n'lLgI"ɫ׺7=o\8%'+xt42ӂQ/nV (f~\;pGڠEcmmf]ݸg[f1vyfo}|z}& ~ ]=PI=w)~=Ғ(r_ZDNq5V"{QI9*x}=J`TTy^Av`#۠RYXdbQ֛ef7cŸ@!{ RbOћΑ}l&Ƕs$9grЇG 8T8x l|7t5%pRx65y(h4Rwgl9lv4W -;z' ZYOXW+O:?_LWc+YT>9b[&0q~nO+ChE ^+W+GEpY|m~D"~×1Y& D aPk7WkJTovo@R|OXf=PTLk.US礏ڦU0:)OAD]Igô$Rw!}ZX0,0!I{sKHڡze!b8) #A%h>&f< PEp)'%4 oP&%UQ ^^0HIES$Rېu]kXJNO2Tdk0 S_{ l6Dm%=u|}s Xap'wuҥR*D$"eXk7ꬰٶĨVwӔmYt<qgR9 -?Px' *`6ob.pL8`NgmF=ߑgxcDt,>uE]DZQƁ//C_߽B՟ `K.|1iegz\ #h)I%`,a`0ÙǍf\p@pDe/Cځ_ْo*_jJ}"Ĵ@RL<Bis w:TZ SkiNF:˥Ru:51OuV0o*KīV̞lNwpύ^=l?~t׸2BIE[צwF(Hb%}sM17=}o[K=">8t}[ :xJ,  =ee@pË$5;T~}cJ !~,]:ulQ8&{`J1{Zt:jG0G. hDvz}D{J_ T0!Q_{-RGonD x+BԜC-𛷿c$d;ɜLHj~ж}A˽=V43 mY[`}؜mYj>*ZZسKg]˻6%!c5 n'iwѥz[ з' TR 4\A+q錃qlr$ f3&e< ,,~Slg%=>["98Z#O~_:#z] s瘣7 Obz/EҶ mX{l- '*`5>]NړɎ!N:p{8R[xv1ȻC1Q7˜Etu#X S^ ?c@q*{o(R~zX67͚ ~VxrӕT9T7F_@gn-&`!~"E4&WH_ϰ_tIw=&ǝ\ߣ&Y?`zCPGn3ӻy1v2Ga) alnW$¤t'O|6dQ?\(p EWObW{[= ]nmO6=aˊk-('>? E:^ۏoW 1ŢW g~@]X(l7hF] ;ްBXuE? w"wKZ4!%Z ccWF%1z J 0+CX^q'T3&Bo~ 긺Zoa _"2VGBA8AXJXD Ňޟ K#j#AKf\lǝZ׃A}N"F dѴ.M16\RVrn\w;El7AFZ?d_b~$R.gI*.A4`},k\%26pZX+(%\;u4:}yjUS*ZYR×X챫0J5cNNJV\Q':Tg~祒V,TˉtZș"fR`nKߜQFLT:<}Q-DR!"&zX6G>- GPl9 c{_[ w5Ws>,mԮ}1f"FbW{0޻K{IV^I!G,al*;_a#i*Qwm[*%{EBMh>#Ծ3]F+{^n9&z.z{!ǰ̲׬Yql[0$%09 @\um2h꾎DқSq߶~-J}9|l'՚,oKNʴUh9&mFRxw<6 4ƹL(җ?rRHע s;!|kZ7/{ʡR0F$u2Dt0\3*%rH@9 dU _{=&jƄ[v’ 5" |CL3#H 1Ř!b|^ô kfĘ1{$m<4g6Axr|궯[/ T6!1gKi>'_@q% DjbTq<(!*@[`g*o#cn Q&@͍ؔ$u~KBQ6w<`EP&00a|Logcv?]5:>fy5KޙS>񖃠ZEQp#ߛwSXmݜ(8j1)t/HzsBjxaFj|?Sd'( @Ka1c~PoVR$0 >(>gٕa)XUK3ʗFy5iV>NWv.7xF ڀ[0ju'tNϧݫgu.^ yh5ۼ76/*Ӟ/Q9ltZNYPʙ`Q{µ,% E*wGE Gcqu^Sg||#Ue3DM@ +:Ll+E=fiԊjm9Gj:ٙ%/朜: Σ}uR\js@1@C| k]N{{_m\;^d@/P~^~NmdwQO/o S(?M/?e=>czy;W?ozQ3CL2oge">vNtw~' >зAЧAg'?; D'(Q~dwQ{1 ?s w1~]O7CtAt3U\W_\gOA?}OP))~2w7Y7{dwN2!(odY NoT8'\$_JeYW@a uyQ~@yJ2,c2\.ː2s;[?[NBX\jrr+^fiQ -{}h}o0W^D/Fli?AQq. 3l?V ][[,Oнٺ{' Jݓs+z`~cn 1پWߕ\~UnU+tBL1U]ȜHǣȜn1'K"X|a21'KYkwe,< snALTm2\pmঠѮ34OW}vnm;yp#^X;T߰;Yo%P/CIsgeǃf.ţu>T6l< 6|a3[ ňC/s Hx_=,+Og5>N?^S߭Һl\ [졽 쓥/>g~3gXV)pF ;F,Rk|c ,>)h5z#9jhN_i{N|7a3L |1EM++J9wwrνY〈b`K:"&T8`rXrF(B4|O۴W ]7c yVi8an[C#D`5~D@NLD|_,mJf`0,|yg4m#(2)1+1@e^"q0*j1d%a<sVm|LڸAÆo^T;c \;=3; gⷳdy0\9kh@Yh {xqW\Sa /g\ЫHGO$s$ R8=fՇ^" 0luy=M*zԿw[ . " n+aeLZAi=vAZ܅2f]? v7i\D_f]32o§On3F W(4>'޺}ckd5Mk+P N_dvO~%B+π 8>eC[gI2T~kF]*؝-OV*v]K=|Md󞣾/+2bŏm#HYU_;@o#$Cb9G(]! ""_S a{kl`v0zN]?N"? `nwfںmˎȅW0p$n<)O?5'[nMG\)U`0v4`e8Σ^p穎TU|Al>cx Lw}.E벸*| l~$_xƪ~SAxr=&=Km` G&̖$߀)0tuw 9@/7Ak| r@c]Ta߂^\fޒhџfN.JTnbbqI3lsw6G\I Dx +z ׳;<v7/M7ek[$| _[0~OX+ʕbA,\C 7tl#NgsZP_Hv(Tx35`GYM`+r8ǩc[6mx uue!*/0:SӏUx.ܫlׁQ#6l#* XGڢ^*NOs^+S9sQaW_<"+ v$п9V0|6,cy#}c\ ^f+72#" $(f6I{{AbZ XǢWQTR2!; /k`4bGP1,KQv7}`N*)Asa#El ;ApN7WeKS<"Y8.|L x%L+DvdzU ZT12Mo,ckV"K1K= >`5>gvC%=wBMhcy0ѕD1F(-f,1s,@]փ Wv4<5T<nh1)d'kEI'60MÄr}"5poq-~eיJpK8 g! X^Zˉȩ0v}_|JѬd;j +z %ʧ=I~p v0,#ŠN|]v1^ʳe_:ktxH%Dݑn`g^VPvQ Ke?ssTSVGvb$- {\ɡRvsF'eh|N!6Kq^ΦK+5Ç}>$m&l 2)v}md-c6C-{/*