Monday, April 4, 2011

Thousands of Twitter Users Falling Victim Of The "Profile Spy" Scam. Rogue Spreading Virally

By Cesar Ortiz
Multiple sources, including CNET, are reporting a major comeback on Twitter of a known Facebook scam. Thousands of Twitter users have fallen into the trap of allowing a third-party application called "Profile Spy" to access their Twitter accounts, believing that they would be able to find out who has been viewing their tweets. We covered the original attack in our March 19, 2011 post; the original version was called “My profile was viewed ### times JUST TODAY! Click here to see how many views you got!”. At that time, users who gave their phone numbers were hit via SMS 4 times per week at $2 per trivia question, or $32 a month, after taking a fake IQ test.

Today's attack carries the signature sentence “Wow! See who viewed your twitter with Profile Spy [LINK]” and is spreading virally. Unsuspecting users allow the application to continue and propagate, and their accounts instantly begin tweeting out messages to their followers, encouraging them to click on the link as well. The object of the scam is to make money for the hackers behind it. They pop up a survey and demand that you complete it before they will reveal details of who has been viewing your Twitter messages. That reveal will never happen, or the result will be faked.
As with my previous March 19, 2011 post, since users gave permission for this app to run on their PC or cell phone, other malicious software can be injected into the PC or cell phone using the rogue internal address. That is our major concern. Affected users should revoke access for any “Profile Spy”-related applications immediately. You can do that by going to “Settings”, selecting “Connections”, and revoking the application's rights.

Make sure you run your anti-virus with updated virus signatures on your PC. By the time you read this post, the original link should have been blocked by the company that provides the short link, but it is safe to say that the hackers will have switched to another address already.
