Twitter gets targeted again by worm-like phishing attack

TwitterCut Web site harvested account details but now claims it had no intention of phishing people

Twitter users have been tricked into divulging their login and password details to a Web site that then spammed their contacts.

The culprit is a Web site called TwitterCut. Some Twitter users began getting a message that appeared to be from one of their friends and included a link to the TwitterCut Web site. The message implied they could gain more Twitter contacts by following the link.

At one time TwitterCut looked quite similar to the real Twitter login page, said Mikko Hypponen, chief research offer for the security vendor F-Secure.

If a person entered their login details, TwitterCut would then send the same message via Twitter to all of the victim's contacts, a kind of phishing attack with worm-like characteristics. No malicious software is installed on a user's machine, Hypponen said.

Although TwitterCut probably holds the login details for many accounts, it doesn't appear those accounts have been used to spam out links to more dangerous Web sites.

TwitterCut's Web site has been reported to services that blacklist potentially harmful Web sites, although it is still active. In a warning message now on TwitterCut, the site's operators said they didn't mean to phish people.

Instead, they say they were trying to create a so-called Twitter Train, which are sites that purport to quickly give Twitter users lots of followers. They said they bought the login script on their site for US$50.

"We were not phishing Twitter accounts whatsoever," the message said. "We're shutting down this site."

In an interview later Wednesday, one of TwitterCut's operators said the site had been live for less than three days and hadn't been decked out with all of its features. But TwitterCut was indexed by Google's search engine, which brought a flood of Twitter users, said Jordan Embry, who lives in Owensboro, Kentucky.

TwitterCut's site informed users that it would send a message to all of their friends, which meant it would not qualify as spam, Embry said.

Embry has since e-mailed Twitter to say that he meant no harm. He plans to scuttle the TwitterCut domain since it appears to have been blacklisted. TwitterCut did not retain the login details of the users, Embry said.

However, Embry said he's still interested in creating another service that lets Twitter users gain a larger following since it could make money from ads. TwitterCut got 9,000 unique hits just on Tuesday, he said.

Hypponen said Twitter should be on the lookout for signs of spam, such as when an identical message appears hundreds and hundreds of times across users' profiles that isn't a "retweet," or the intentional reposting of other content.

Twitter could also screen URLs (Uniform Resource Locators) to make sure they're not already blacklisted for security issues, Hypponen said. Many Web browsers as well as search engines will either warn about or block suspicious Web sites.

Most URLs posted in Twitter have been shortened using services such as TinyURL in order to fit in the 140-character message length that Twitter imposes, obscuring the real destination and making users dependent on the trustworthiness of their friends when clicking links. The service was hit by other worms earlier in the year.

Twitter acknowledged the phishing problem late Tuesday night.

"We are currently pushing a password reset on accounts we believe may have been caught in a phishing scam," the company said. "Please exercise your best judgment when thinking about releasing your username and password to third parties."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags twitterphishingwormtwittercut

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Bitdefender 2019

This Holiday Season, protect yourself and your loved ones with the best. Buy now for Holiday Savings!

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?