Sophos Cloud Optix
Starting early this morning, we have seen a major uptick in the use of Twitter links inside spam messages. Here are a few different variants of them. Most of the spam refers to online med sites although a few campaigns tout making lots of money:
Following the links will lead a user to arrive at “making-money-with-Google” or Online Pharmacy sites:
The Twitter accounts themselves appear to be legitimate and do not look to be bot-registered. They contain normal-looking tweets in the previous days and months. We’re still looking into how the accounts are compromised. Certain malware such as koobface would steal Twitter credentials. There is also the possibility of the accounts credentials being compromised through phishing.
As for regular users, it’s important now more than ever to scrutinize the links you receive through Twitter. Today these links point to spam sites. Tomorrow these links could be pointing to malware.