Once again we are hearing the same agitating news, this time from Sophos, regarding "Twitter hacking". IT security firm Sophos has warned Twitter users of a new attack that has led to thousands of accounts being compromised by hackers using a Web 2.0 botnet. The hijacked accounts are later used to spread money-making spam campaigns.
They found that members of the micro-blogging network had posted messages disguised as humorous links, which were actually aimed at phishing password credentials from unsuspecting users.
It was noticed that hundreds of Twitter accounts started to tweet out "weight loss" product spam messages. Specifically, users whose accounts had been hijacked were tweeting the message "I lost 20 lbs in 2 weeks!" along with links to diet sites (aka the gate towards a glorious phishing scam).

It's not just new users getting caught out: famous tech pundit John C. Dvorak (@therealdvorak), more commonly known as the one who predicted "The Macintosh uses an experimental pointing device called a 'mouse'. There is no evidence that people want to use these things.", also got caught up in the attack.

At this point the Sophos team was unsure of the cause: access could have been gained through previous phishing schemes. However, one factor points to a likely suspect: all the tweets are posted via "API," meaning the spammers do not have direct access to the accounts. Rather, there's likely some third-party application that's been compromised (or a rogue one permitted by the users) that's pushing spam tweets.

Suffice it to say: If your friends start tweeting links to diet sites, ‘don’t click the links’!

I still remember how I had been a victim of my Twitter account getting compromised a year back, and yeah, it's not that easy to forget it…