Just in case you haven’t been paying attention, you should know there is a worm spreading rapidly across Twitter via direct messages. If you receive a DM along these lines, “rofl this you on here?” followed by a hyperlink – don’t follow the link. Since the DM probably comes from a trusted friend, you might be inclined to do just that, but we urge you not to. Here’s why:
If you click that link, you will arrive on a bogus but very convincing Twitter login page and be asked to sign in. Once you do that, the phishers have your username and password and will start sending DMs to your followers from your account using the same tactic.
There may be several versions of the direct message going around, but the consistent features seem to be the term ‘rofl,’ the link, and a sender who is someone you follow on Twitter, so be careful.
If you have already responded to this ploy, your first line of defense is to change your Twitter password immediately to stop the flow of the worm to your friends.
We’ve been researching whether this new worm does anything more than hijack your account to multiply itself, but to date we haven’t found any reports to share. If we do, we’ll update you ASAP.
As Twitter has gained popularity, it is increasingly becoming a target for the types of attacks that have invaded our email inboxes for the past decade. Which begs the question, what can we do to protect ourselves? Our friends at F-Secure Internet Security have shared a few really good thoughts on that exact question. Here’s an excerpt of their recent post free F-Secure Health Check. Internet Explorer only.
2. Trust but always verify
In about two minutes, you could create a Twitter account that impersonates almost anyone living or dead. Twitter has added “Verified Accounts” for celebrities, but no one is really verifying if that page was really put up by your co-worker Stu. That said, hackers probably aren’t going out of their way to impersonate your co-worker Stu.
Give any Twitter you’re thinking of following a careful scan. Check if there’s a respectable image; make sure all tweets aren’t entirely repetitive self-serving spam; see if there’s a reasonable follower to following ratio. Then, if you have an interest in their Tweets, follow away.
But don’t let your guard down.
These are just two of six detailed suggestions on their website. You can visit the F-Secure website for the full details.
In the meantime, we are curious to find out how widespread this worm has become. If you’ve received the suspicious DM, please let us know.




