Published: November 04 2009, 09:15 AM by Benjamin Googins
(This blog was prepared and written by Kinnar Kumar.)
We all know how popular Twitter has become in recent days. It’s one of the wonderful ways to keep updated with the happenings of friends online. The name Twitter was apt as it allowed people to quickly ‘tweet’ about themselves to others. As the saying goes, every good coin has its flip side, and Twitter has had its share too: it has long been used for malicious activities (scams, spam, etc.).
In this blog we will look into the latest scam/spam that hit Twitter yesterday, which spread with some spam ‘tweets’. At the time of publication, this scam is pretty active.
We will take a detailed look at how spam ‘tweets’ can lead a user to a potential ‘scamming’ site. It is my hope this blog will act as an advisory to all who are using Twitter. ‘Tweets’ from various hijacked accounts, claiming “making money online with google” (as in Figure 1), surfaced yesterday. Going by the number of similar ‘tweets’, the number of accounts used for spamming seems to be huge.
The Abused Shortened URL
[Figure 1 – Social engineering campaign of malicious tweets]
Spam tweets always take advantage of shortened URLs, which can easily deceive users because the real destination is not visible in the link.
See the example below, where I gave the long URL as https://abcd/efgh/1234/company.com and the shortened URL returned is http://bit.ly/4ubCuL:
[Figure 2 – Sample shortened URL]
The links in the ‘tweets’ redirect to sites that entice users to look further. In this case, the offering is MONEY:

[Figure 3 – Web page redirection for spam tweets]
When you click one of these links or enter the information required, it redirects to more sites wanting to get your personal information. Please see related images below.
[Figure 4 – More social engineering tricks]
or this one:
[Figure 5 – Getting personal information for $1.95]
This page asks for your credit card number and other personal details. By now it should be clear that this is a scamming attempt by the people behind the scenes. Once you enter your personal information, your data is transmitted to a location of their choosing, and they can then use it as and when they like.
Reloaded Spam Tweets
When I went back today to take a look at it again, there were ‘tweets’ which made offers like ‘How To Make Money Online With Ebay, Yahoo and Google’, so these guys added Ebay and Yahoo to the list too (see image below). This shows how actively the fraudsters are tweeting and updating their message to hook new victims.

[Figure 6 – Spam tweets]
When you click on this it redirects to a new page which claims that you can make money by adding followers to Twitter.
[Figure 7 – Another redirection website]
After the data required was passed on, it took me to a new page with the same motive, to get my personal information (see image below). These examples clearly suggest that these people are quite active behind the scenes as they are changing their techniques for scamming.
[Figure 8 - Cashing in on spam tweets]
Social Engineering Campaign
These people are taking advantage of the weak job market and the lure of quick money in these tough times by offering Twitter users a job or money as bait. The scam uses convincing, relevant messaging to try to lure users, such as the example below.

[Figure 9 - Yet another lure page]
When I clicked the ‘free google kit’ I was redirected to a site similar to those we have seen earlier in the blog.
Until now, we haven’t observed any malware being dropped or present in any of the scam links, but this could change in the near future. This blog is meant as a caution to the users of Twitter. Please follow these steps to stay safe, as advised by many Twitter users today on Twitter.com:
- Don’t click links in Tweets if you have any doubt about their validity, even if the Twitter DM (Direct Message) is from a friend.
- Check your Twitter account and change your password if you think your account has been hijacked.
Further Recommendations
As always at the end, we recommend that you exercise extreme caution while surfing the Internet and in downloading files, and that you always keep your CA Security Products updated with the latest signatures.
*Please note that some results/links have been obscured for safety reasons.
**I would like to thank Senior Researchers Benjamin Googins and Zarestel Ferer for their invaluable guidance.