NEWS FROM THE LAB - Sunday, March 21, 2010

Screenshots of the Latest Twitter Phishing Attack Posted by Mikko @ 13:41 GMT

Today there's a phishing run underway in Twitter, using Direct Messages ("DMs"). These are private one-to-one Tweets inside Twitter.

The messages look like these:

you should change ur photo u took here - did i tell you that ur here

If you follow the link, you end up to a fake Twitter page:


If you mistakenly give out your credentials, the attackers will start sending similar Direct Messages to your contacts, posing as you.

The ultimate goal of the attackers is to gain access to a large amount of valid Twitter accounts, then use these account to post Tweets with URLs pointing to malicious websites which will take over users computers when clicked.

Lets have a closer look at the domain mhansenhome.org.

The front page seems to be an active MySpace phishing page. Nice.


The good news is that Twitter is already filtering these from being posted, although it's unclear if they are also removing already-delivered DMs.

Also, the Twitter built-in link shorteners (twt.tl and bit.ly) already detect the URLs as malicious: