
Community Building and User Generated Content Forum

    
Twitter Worm Leads to Hacked Accounts, Spam
rogerd

WebmasterWorld Administrator, Top Contributor of All Time, 10+ Year Member



 
Msg#: 3994518 posted 11:28 pm on Sep 23, 2009 (gmt 0)

A worm began spreading through Twitter earlier today, beginning with seemingly innocuous messages that read "rofl this you on here?" and a link that looked like a Twitter video site. Users who clicked the link were presented with what looked like an authentic Twitter login page.

The hackers who gathered login info in the "rofl-video" phase then launched a DM spam campaign inviting the recipients to learn how to make hundreds of dollars a day online. (No, I didn't click either link.)

In each case, the DMs came from a Twitter friend, making them more likely to be clicked on.

 

Future

5+ Year Member



 
Msg#: 3994518 posted 11:40 pm on Sep 23, 2009 (gmt 0)

Cannot find this on the official Twitter blog posts, except a couple of news grabbers?
[blog.twitter.com...]

incrediBILL

WebmasterWorld Administrator, Top Contributor of All Time, 5+ Year Member, Top Contributors Of The Month



 
Msg#: 3994518 posted 11:50 pm on Sep 23, 2009 (gmt 0)

Twitter has had so many security breaches I'm shocked anyone still uses the thing.

Oh well, people still use that Swiss cheese called WordPress too, what the heck.

Future

5+ Year Member



 
Msg#: 3994518 posted 11:55 pm on Sep 23, 2009 (gmt 0)

But why does everyone really follow Twitter?
[webmasterworld.com...]

ogletree

WebmasterWorld Senior Member, Top Contributor of All Time, 10+ Year Member



 
Msg#: 3994518 posted 1:02 am on Sep 24, 2009 (gmt 0)

I had 1 friend send me the rofl DM and 2 people sent me the make money DM. I clicked on the first link but noticed that it was a phishing attempt. I went and changed my pw.

martinibuster

WebmasterWorld Administrator, Top Contributor of All Time, 10+ Year Member, Top Contributors Of The Month



 
Msg#: 3994518 posted 1:12 am on Sep 24, 2009 (gmt 0)

There's an email being sent with a related URL. The domain is regged in China.

sem4u

WebmasterWorld Senior Member, Top Contributor of All Time, 10+ Year Member



 
Msg#: 3994518 posted 8:30 am on Sep 24, 2009 (gmt 0)

I received a Twitter spam DM message about a money making site. The domain was registered privately. I did click on the link, but not through my Twitter account.

carguy84

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 3994518 posted 2:13 pm on Sep 24, 2009 (gmt 0)

I don't use Twitter, but it sounds like this wasn't security related. Although the application should notice all those accounts being accessed from the same place and block access, but users openly gave out their username/passwords.
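
The check suggested in the post above, sketched as an added example that is not part of the original thread: flag any source IP that successfully logs in to more than a threshold number of distinct accounts within a sliding time window. The log format, threshold, window, IP addresses and account names are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login log: timestamp, source IP, account, result.
# IPs come from documentation ranges; account names are made up.
SAMPLE_LOG = """\
2009-09-23T21:00:05 198.51.100.7 alice OK
2009-09-23T21:00:40 203.0.113.20 bob OK
2009-09-23T21:01:10 198.51.100.7 carol OK
2009-09-23T21:02:30 198.51.100.7 dave OK
2009-09-23T21:03:00 203.0.113.20 bob OK
2009-09-23T21:04:15 198.51.100.7 erin OK
2009-09-23T21:04:50 198.51.100.7 frank FAIL
2009-09-23T23:30:00 192.0.2.44 gina OK
2009-09-23T23:55:00 192.0.2.44 hank OK
"""

def parse(log):
    """Yield (timestamp, ip, account, result) tuples from the log text."""
    for line in log.splitlines():
        ts, ip, account, result = line.split()
        yield datetime.fromisoformat(ts), ip, account, result

def shared_source_logins(log, max_accounts=3, window=timedelta(minutes=10)):
    """Return {ip: sorted accounts} for IPs that successfully logged in to
    more than max_accounts distinct accounts inside one sliding window."""
    recent = defaultdict(deque)   # ip -> (timestamp, account) within window
    flagged = defaultdict(set)
    for ts, ip, account, result in sorted(parse(log)):
        if result != "OK":
            continue              # only successful logins count here
        q = recent[ip]
        q.append((ts, account))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop events older than the window
        accounts = {a for _, a in q}
        if len(accounts) > max_accounts:
            flagged[ip] |= accounts
    return {ip: sorted(accts) for ip, accts in flagged.items()}

if __name__ == "__main__":
    for ip, accts in shared_source_logins(SAMPLE_LOG).items():
        print(f"{ip}: {len(accts)} accounts in window -> {accts}")
```

Shared addresses (offices, carrier NAT, popular third-party clients) also put many accounts behind one IP, so a hit is better used to trigger review or a forced password reset than an automatic block.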

whoisgregg

WebmasterWorld Senior Member, Top Contributor of All Time, 10+ Year Member



 
Msg#: 3994518 posted 2:56 pm on Sep 24, 2009 (gmt 0)

I'm amazed how many internet professionals were hit by this thing. Could this come from an account without the account holder having fallen for the phishing attempt?

rogerd

WebmasterWorld Administrator, Top Contributor of All Time, 10+ Year Member



 
Msg#: 3994518 posted 4:57 pm on Sep 24, 2009 (gmt 0)

One Twitter pal swore she did not fall for the phishing scam, but nevertheless had her account hacked. Was there some other hack at work, in addition to the obvious one? Maybe.

I think it's likely that some pros fell for the fake login screen because of Twitter's normal tendency to forget your login. Even though I always check "remember me" when I'm on a personal PC, I am often confronted by unexpected Twitter login screens. If you are multitasking and not paying close attention, it would be easy to mistake the bogus login screen for another Twitter fail.

tenerifejim

10+ Year Member



 
Msg#: 3994518 posted 5:00 pm on Sep 24, 2009 (gmt 0)

I think that this kind of attack shows one of the main security 'weaknesses' of any social network:
The inherent trust that the individuals who participate have in the system.

Requests apparently coming from friends, etc. They don't treat them with the same caution they do with emails, etc. Only one member of the social network needs to fall and many may follow...

dusky

5+ Year Member



 
Msg#: 3994518 posted 7:20 pm on Sep 24, 2009 (gmt 0)

I took a decision a few days ago to block all traffic from the Chinese mainland and Hong Kong to a few of our servers, proxy or direct. It was a difficult decision, but I found 90% of spam hitting dozens of large sites coming from that part of the world. I know that the majority of surfers from that great land and civilization are harmless, and only a minority of well-seasoned spammers spoil the fun for the Chinese majority, but it had to be done until a better solution can be found.

What happened to Twitter is the price of fame you might say and they should have the financial clout to implement better security rather than do what I had done, none of our sites is as big or worth as much as Twitter. We may have some technical expertise, but we lack the expensive networking infrastructure needed, but they don't or at least they can afford it!

plumsauce

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 3994518 posted 10:56 am on Sep 25, 2009 (gmt 0)

"they should have the financial clout to implement better security"

They do, but not the technical talent.
