contadores de paginas web Saltar al contenido

ROFLMAO i can't stop laughing at this pic of you… spam on Twitter

status-falso-twitter

Private messages are being circulated on Twitter that are sent as spam, this afternoon I already received 5 that say the following ROFLMAO i can’t stop laughing at this pic of you (malicious url):

Private message (spam)

The message refers to a funny photo supposedly ours, when you click you access a phishing page posing as Twitter. If the victim does not detect that they are in a false place, their password will end up in the attacker's hands:

Fake Twitter page (click to see larger)

After entering the data, a false error message is displayed that simulates being from Twitter Status (status.twitter.com):

Fake Twitter Status page (click to enlarge)

Once the attacker has the password, they can log into the account and continue to spread the spam, but in this case some users claim that they did not fall for the trap and even so the messages seem to be sent from their accounts.

There are two other ways this can happen, the computer could be infected with some Koobface type malware or some installed application with access to the profile is the culprit (it should be checked).

If you mistakenly entered your password on the false page, try to change it as soon as possible. Update the post when you have more information or discover what happens.

Update 1:

Under the false domain there are several similar phishing pages that were used at different times, one of them redirects to a site where there is a video. For a moment I thought that with that they would be doing some type of drive by attack to infect the computer, but in the tests I did nothing strange was downloaded, it is a page that does a Rickrolling and has a javascript to make jokes in IE (VT 17/44), is unrelated to these phishers.

I also entered a test account password on the fake page, minutes later dozens of direct messages had been sent automatically, the good thing is that all the users that I keep with that account are spam bots, so they received a bit of their own medicine:

Compromised accounts can also post different spam tweets:

What i recommend:

If spam messages were sent from your account, change the password ASAP and warn all your followers not to click on the links! if they fall into the trap this continues to spread virally.

The fake domain (ltwltter) used for this attack is already being blocked by most anti-phishing filters.

Update 2– More direct messages are spreading and use new fake domains as they are blocked. The following is an example of another of the messages you are circulating:

lmao… omg i am laughing so hard at this pic u i just found http://t.co/ms(removed)

Remember that if messages are sent from your account, you must change the password and if you use it for other services, you must change them all.