Sophos Cloud Optix
Once again Twitter users are finding themselves hit by a fast-infecting attack, more commonly encountered by their Facebook-using cousins: a rogue application spreading virally across the network.
Thousands of Twitter users have fallen into the trap of allowing rogue third-party applications access their Twitter accounts, believing that it would tell them how many people have unfollowed them.
A typical message reads:
58 people have unfollowed me, find out how many have unfollowed you: [LINK] #rw2011 #duringsexplease #youneedanasswhoopin
See the hashtags? They appear to be currently trending phrases on Twitter – presumably the rogue applications are using them in the messages they spam out in an attempt to trick more users into clicking on the links.
If you do click on the link you are asked to give authorisation for a third-party application to access your Twitter account.
Don’t, whatever you do, press the “Allow” button. If you do, then a third party is now capable of tweeting messages in your name to all of your Twitter followers – which spreads the scam virally across Twitter and may result in one of your online friends also having their account compromised.
So, how do the scammers make money? That’s the next piece of the jigsaw.
You’re anxious to find out who has unfollowed you on Twitter. The scammers take advantage of that by presenting a webpage which looks as if it’s about to reveal that information – but is actually designed to make you take an online survey instead.
The scammers make money for each survey that is completed.
If you were unfortunate enough to grant one of these rogue applications access to your Twitter account, revoke its rights immediately by going to the Twitter website and visiting Settings/Connections and revoking the offending app’s rights.
(Note that the scammers are using a variety of different applications – so you may see a different name from the one I picture above).
Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.
If you’re on Twitter and want to learn more about threats, be sure to follow Naked Security’s team of writers.
Today this trick spreads via facebook in a german version:
"wtf Du erscheinst als meist auftrender Profilbesucher. hier kanst Du Deine meist auftrende Profilbesucher finden"
This seems like the sort of situation where Twitter should be able to simply kill the malicious webapp's access to their API. They clearly have no problem hitting the kill switch for client apps…
It seems that people in Facebook has been more informed of these scams so the scammers have switched platforms
One of the television stations here in New York City mentioned this article during their newscast! 🙂 I wanted to read more about it. I used the word "twitter" and found this article. I can't believe that was so easy! I love all the blog posts you guys post. All your blog posts do aware me of the latest rogue apps in Twitter and Facebook. In addition, I love your antivirus for mac. Thank you so much, Sophos!!! 😀