
Twitter worm tries to dupe users with DM ploy

Direct messages from friends say ‘haha. This you??’ along with malicious link

A Twitter worm is sending direct messages from 'friends' containing a malicious link.

A new Twitter worm is staging a phishing attack by sending direct messages (DMs) to users along with a malicious link that opens up a fake Twitter login page.

The worm is thriving because the messages appear to come from users' ‘friends’. Each carries the text ‘haha. This you????’ along with a shortened URL designed to direct users to a fake Twitter login page.

"It is likely malicious.... Once you log in, your credentials will be stolen and all of your followers will receive a direct message from you with a link to the same site, allowing the worm to further propagate," explains Robert McArdle, senior malware researcher at Trend Micro.

According to a study by web security firm Websense, as much as 95 percent of user-generated content on the internet comes with spam or a malicious link.

"Doubtlessly, at some point in the future, the cybercriminals behind this attack will use the same stolen credentials to send out other malicious content from a huge number of compromised Twitter accounts," McArdle warned.

The malicious link sent through the DMs redirects to http://twitter.login.{BLOCKED}home.org/login/, which is not the genuine Twitter login page.

Most anti-virus software and browsers now protect users against this worm by blocking access to the fake site, but people are advised to pay attention to URLs and make sure they are genuine before typing in their login credentials.
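The URL check advised above can be written out as code. This is an added example, not from the article or from Trend Micro: it classifies the final address a shortened link resolves to by reading the host name from the right, which is why a host that merely begins with "twitter.login" fails. The trusted domain, the verdict names and the sample URLs are assumptions, with example.org standing in for the blocked domain.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the one domain treated as genuine, and the
# brand string whose presence elsewhere in a URL marks it as a lookalike.
TRUSTED_DOMAIN = "twitter.com"
BRAND = "twitter"


def classify_login_url(url: str) -> str:
    """Classify the final (post-redirect) URL of a login page.

    Returns 'genuine', 'insecure', 'lookalike', 'unrelated' or 'invalid'.
    """
    try:
        parts = urlsplit(url.strip())
        # hostname drops any userinfo ("user@") and port and is lower-cased;
        # a trailing dot is just another way to write the same host.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"

    # Match the trusted domain on a label boundary, reading from the right:
    # "twitter.login.example.org" belongs to example.org, not to Twitter.
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "genuine" if parts.scheme == "https" else "insecure"

    # The host is someone else's. If the brand still shows up in the host,
    # the userinfo or the path, the URL is dressed up to look like Twitter.
    decoration = " ".join([host, parts.username or "", parts.path]).lower()
    return "lookalike" if BRAND in decoration else "unrelated"


# Constructed sample URLs; example.org stands in for the blocked domain.
SAMPLES = [
    "https://twitter.com/login",
    "http://twitter.com/login",
    "http://twitter.login.example.org/login/",
    "https://twitter.com@login.example.org/",
    "https://example.org/news",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_login_url(sample):10} {sample}")
```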
