
Beware of DMs
E-Holes are coming out of the woodwork -- or shall we say the worm wood? Remember last week's dastardly Twitter DMs? Seemed pretty easily fixed, right? That's because at first we thought all those spammy Twitter DMs were the result of particularly devious "phishers" who persuaded tweeters to click on links which then whisked them to bogus sites. Once there, the duped would be asked to enter their username, password and other details. Thousands, it appears, have received Direct Messages like this:
hi, did you do this quizy thing?
I found you!... http://wxarxl.com/xxx
You're on here... http://dwarfurl.com/xxx
Let's find out if your IQ is higher. Here http://clubquizesiq.xx
hey. i think ur on this
This thing has your vid.
Direct Messages are especially insidious because they tap into your trusted relationships -- and even more deviously use colloquialisms to further dupe the recipient.
But if you thought this recent round of phishing was bad news, now PC World reports that Twitter is being targeted by a new Direct Message attack. New York-based PHP and application security specialist Chris Shiflett says that he strongly suspects there's a new variant of the Facebook worm Koobface at large, which searches for users' session ID cookies. These are set on users' computers when they tick the "Remember Me" box to stay logged in to Twitter. While the exact scale of the attack isn't known, anecdotal evidence suggests many thousands of people have been affected and have had their accounts compromised.
Once it has access to the session cookies, the worm can log on to Twitter and send direct messages to the followers of the user whose account has been compromised.
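As an added example (not part of the article or of any vendor's tooling), here is a defender-side heuristic in Python that scores a DM against the lure patterns quoted above and flags an account that pushes one link to many followers, the behaviour described for a hijacked session. The lure phrases come from the quoted DMs; the suspect host set and the sample traffic are constructed for the example.

```python
import re
from collections import defaultdict

# Lure fragments lifted from the DMs quoted in the article (matched case-insensitively).
LURE_PHRASES = ("quiz", "iq is higher", "found you", "you're on here", "ur on this", "your vid")
# Hosts that appeared in the quoted DMs; this set is constructed for the example.
SUSPECT_HOSTS = {"wxarxl.com", "dwarfurl.com", "clubquizesiq.xx"}
URL_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)


def score_dm(text):
    """Return (score, reasons) for one DM body; a higher score is more lure-like."""
    lowered = text.lower()
    reasons = []
    hosts = {h.lower() for h in URL_RE.findall(text)}
    if hosts & SUSPECT_HOSTS:
        reasons.append("link to known lure host")
    hits = [p for p in LURE_PHRASES if p in lowered]
    if hits:
        reasons.append("lure phrase: " + ", ".join(hits))
    # A terse note carrying a link is the shape every quoted DM has.
    if hosts and len(lowered) <= 80:
        reasons.append("short message carrying a link")
    return len(reasons), reasons


def is_suspicious(text, threshold=2):
    """A lone link is not enough; require two independent signals."""
    return score_dm(text)[0] >= threshold


def find_bursting_senders(dms, min_recipients=3):
    """dms: iterable of (sender, recipient, text). Flag senders whose account
    pushes the same link host to many distinct followers."""
    links = defaultdict(lambda: defaultdict(set))  # sender -> host -> recipients
    for sender, recipient, text in dms:
        for host in URL_RE.findall(text):
            links[sender][host.lower()].add(recipient)
    return sorted(sender for sender, per_host in links.items()
                  if any(len(r) >= min_recipients for r in per_host.values()))


# Constructed sample traffic, not real data.
SAMPLE_DMS = [
    ("alice", "bob", "hi, did you do this quizy thing? http://dwarfurl.com/xxx"),
    ("alice", "carol", "hi, did you do this quizy thing? http://dwarfurl.com/xxx"),
    ("alice", "dave", "hi, did you do this quizy thing? http://dwarfurl.com/xxx"),
    ("bob", "alice", "see you at the meetup tomorrow?"),
    ("carol", "dave", "here is that deck I mentioned http://example.org/slides"),
]
```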
An application and development specialist at an Auckland software house where Twitter users were inadvertently spamming their followers multiple times spoke to Computerworld on condition of anonymity, and says his company's IT security staff suspect a new variant of Koobface as well, one that antivirus scanners have yet to pick up.
Complicating the issue is the fact the worm has yet to be found -- the specialist says it appears the worm deletes itself after finishing its programmed task. However, the modus operandi of the worm is similar to earlier Koobface attacks, the specialist says.
Apart from a primary payload of infecting further machines, the worm appears to be sending out direct message spam for a Premium SMS "quiz" service website, aimed at US customers. The service has a minimum charge of US$4.99 and a continuing cost of US$10 a month.
Koobface runs on Windows only.
Comments
Thanks for this concise report on exactly what's happening with the Twitter DMs. They are nasty; since the short message length produces terse notes, it's hard not to click on the first couple.
Thanks, my fellow Brown, for reading and commenting. It's so disturbing that this has moved beyond annoying to damaging. We all have to remind people not to click.