Saturday, January 3, 2009 - 10:33 pm ET

Phishing Virus Hits Twitter

It’s been all over Twitter today – the “Koobface” phishing worm has hit Twitter. If you’re one of the thousands hit, you’ll receive a direct message saying “Hey – check out this funny blog about you!”, followed by a second one that said “You are funny in this video!” with a link to a blogspot blog, which redirected to “twitter.access-logins”.

 

If you’ve entered your user name and password into this site – which looks like Twitter unless you look closely at the address bar – your information would have been phished. The scary part of this is that most people use the same user name and password for everything, from online banking to other services.

Craig Schmugar, a threat researcher for McAfee Avert Labs, said that, in general, Koobface strikes only social-networking sites like Facebook and Twitter.

Twitter has posted a brief warning on the status blog, and there’s a warning at the top of your stream if you’re on the Twitter site (but not if you’re using a third-party application like Twhirl).

Twitter said:

If you receive an email notice saying you’ve received a Direct Message with a link that redirects to what seems like Twitter.com, be careful about entering your Twitter credentials. Instead, look closely at the URL to see if it’s not really Twitter but a sketchy phishing site like http://twitter.access-logins.com. If this has you feeling a bit weirded out, feel free to change your Twitter password.

Update: The suspicious site is being blocked. More information at the Twitter Blog.
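The "look closely at the URL" advice above can be turned into a mechanical check. The following is an added example, not code from the original post or from Twitter: the function names and category labels are hypothetical, the decision to trust subdomains of twitter.com is an assumption, and the `example.test` URLs are constructed samples.

```python
from urllib.parse import urlsplit

# Assumption: the only domain where Twitter credentials should be entered.
TRUSTED_DOMAIN = "twitter.com"


def login_host(url):
    """Return (host, userinfo) the browser would actually use for this URL."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    # .hostname drops any "user@" prefix and port, and is already lowercased.
    host = (parts.hostname or "").rstrip(".")
    return host, (parts.username or "").lower()


def classify(url, trusted=TRUSTED_DOMAIN):
    """Classify a link before credentials are typed into it."""
    host, userinfo = login_host(url)
    brand = trusted.split(".")[0]
    # Match on a label boundary: a bare endswith(trusted) would also accept
    # a name that merely ends in the same characters.
    if host == trusted or host.endswith("." + trusted):
        return "trusted"
    if brand in userinfo:
        return "userinfo-trick"       # brand appears before "@", host is elsewhere
    if brand in host.split("."):
        return "lookalike-label"      # brand is a label under someone else's domain
    if brand in host:
        return "lookalike-embedded"   # brand is buried inside a different name
    return "other"


if __name__ == "__main__":
    samples = [
        "http://twitter.access-logins.com",          # from the warning above
        "https://twitter.com/login",
        "https://TWITTER.COM./login",
        "http://twitter.com@login.example.test/",    # constructed
        "http://twitter-login.example.test/",        # constructed
    ]
    for s in samples:
        print(f"{classify(s):20} {s}")
```

The domain in Twitter's warning is classified as `lookalike-label` because "twitter" is only the leftmost label of a host that belongs to access-logins.com.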

If you have been affected by the Koobface virus, Facebook has posted removal instructions here.

Schmugar said this attack is similar to e-mail attacks 10 years ago in that Koobface is using infected friends lists, reminiscent of early mass-mailing worms. Just like back then, don’t open an attachment you’re not expecting, even from people you know, and be very conscious of where you’re inputting your user name and password.

The moral of the story? Make sure you don’t use the same password for each of your accounts, especially for your banking and other important identity/financial sites. If you’re looking for an easy way to create unique passwords, read this

(image screen shot captured by Chris Pirillo)

UPDATE: There’s another phrase coming through the phishing scam: “hey. i won an iphone! come see how here http://helloiphones“. Basically, just make sure you don’t click on any links you don’t trust, and anything that seems too good to be true likely is.

3 Comments

  1. By Twitter Virus | NewsTechZilla
    607 days ago

    [...] Buzznetworker has more practical information on changing your passwords if need be if the Koobface virus has become a reality for you. Spread the word: [...]


  2. By phishing en twitter | Sólo Pa SEO
    606 days ago

    [...] http://www.buzznetworker.com/phishing-virus-hits-twitter/ [...]


  3. By “Your Series” and Social Networking « Drew Sams
    603 days ago

    [...] have been thinking about this recently in regards to social networking. The other day, a phishing virus spread like an unstoppable rebel force throughout Twitter, stealing passwords and creating havoc as it ran [...]

