
Community Building and User Generated Content Forum

Twitter Worm Leads to Hacked Accounts, Spam

 11:28 pm on Sep 23, 2009 (gmt 0)

A worm began spreading through Twitter earlier today, beginning with seemingly innocuous messages that read "rofl this you on here?" and a link that looked like a Twitter video site. Users who clicked the link were presented with what looked like an authentic Twitter login page.

The hackers who gathered login info in the "rofl-video" phase then launched a DM spam campaign inviting the recipients to learn how to make hundreds of dollars a day online. (No, I didn't click either link.)

In each case, the DMs came from a Twitter friend, making them more likely to be clicked on.



 11:40 pm on Sep 23, 2009 (gmt 0)

Cannot find this on official Twitter blog posts, except a couple of news grabbers?


 11:50 pm on Sep 23, 2009 (gmt 0)

Twitter has had so many security breaches I'm shocked anyone still uses the thing.

Oh well, people still use that swiss cheese called WordPress too, what the heck.


 11:55 pm on Sep 23, 2009 (gmt 0)

But why does everyone really follow Twitter?


 1:02 am on Sep 24, 2009 (gmt 0)

I had 1 friend send me the rofl DM and 2 people sent me the make money DM. I clicked on the first link but noticed that it was a phishing attempt. I went and changed my pw.


 1:12 am on Sep 24, 2009 (gmt 0)

There's an email being sent with a related URL. The domain is regged in China.


 8:30 am on Sep 24, 2009 (gmt 0)

I received a Twitter spam DM message about a money making site. The domain was registered privately. I did click on the link, but not through my Twitter account.


 2:13 pm on Sep 24, 2009 (gmt 0)

I don't use Twitter, but it sounds like this wasn't security related. Although the application should notice all those accounts being accessed from the same place and block access, users openly gave out their username/passwords.


 2:56 pm on Sep 24, 2009 (gmt 0)

I'm amazed how many internet professionals were hit by this thing. Could this come from an account without the account holder having fallen for the phishing attempt?


 4:57 pm on Sep 24, 2009 (gmt 0)

One Twitter pal swore she did not fall for the phishing scam, but nevertheless had her account hacked. Was there some other hack at work, in addition to the obvious one? Maybe.

I think it's likely that some pros fell for the fake login screen because of Twitter's normal tendency to forget your login. Even though I always check "remember me" when I'm on a personal PC, I am often confronted by unexpected Twitter login screens. If you are multitasking and not paying close attention, it would be easy to mistake the bogus login screen for another Twitter fail.


 5:00 pm on Sep 24, 2009 (gmt 0)

I think that this kind of attack shows one of the main security 'weaknesses' of any social network:
The inherent trust that the individuals who participate have in the system.

Requests apparently coming from friends, etc. They don't treat them with the same caution they do with emails, etc. Only one member of the social network needs to fall and many may follow...


 7:20 pm on Sep 24, 2009 (gmt 0)

I took a decision a few days ago to block all traffic from the Chinese mainland and Hong Kong to a few of our servers, proxy or direct. It was a difficult decision, but I found 90% of spam hitting dozens of large sites coming from that part of the world. I know that the majority of surfers from that great land and civilization are harmless, and only a minority of well seasoned spammers spoil the fun for the Chinese majority, but it had to be done until a better solution can be found.

What happened to Twitter is the price of fame you might say and they should have the financial clout to implement better security rather than do what I had done, none of our sites is as big or worth as much as Twitter. We may have some technical expertise, but we lack the expensive networking infrastructure needed, but they don't or at least they can afford it!


 10:56 am on Sep 25, 2009 (gmt 0)

they should have the financial clout to implement better security

They do, but not the technical talent.
