Tuesday, March 15, 2011

Twitter On Line Timer Scam Spreads Virally

By Cesar Ortiz
Following suit with other attacks like the “Girl Who Killed Herself” and the “How addicted they where to Twitter”, scammers are now using the “I have spent 379 days, 9096 hours on Twitter. How much have you? Find out here: [LINK]” scam. The hours spent is variable as part of the deception. The messages, posted by an application called "Your Online Timer", include a link that if your Twitter followers click it, will encourage them to authorize that, "Your Online Timer" should also be able to access and update their Twitter accounts.
The next hidden step, unknown to you and without your explicit approval, will be that your Twitter account will be updated with a status update spreading the link virally to your Twitter followers. The scam victims will be prompted to fill survey questionnaires that will bring money to the scammer and the scammer will have access to your account for malware actions, to say the least. Affected users should revoke the “On Line Timer” application access immediately. You can do that by entering Settings>Connections and revoking the rights to the application. By the time you read this post, the original link should have been blocked by bit.ly the company that provides the short link, but who is to say the scammer will have switched to another address already.
Credit goes to Graham Curley from Sophos for providing the fist scam warning on this scam and to Sean Sullivan from F-Secure who found that the same bit.ly user who was behind the "11.6 hours" scam appears to also be the originator of this latest attack.

No comments: