Tuesday, May 10, 2011

“Hours Spent On Twitter” Scam Spreading Virally

By Cesar Ortiz

Multiple sources are alerting on this fast spreading scam.This is another derivate of my March 15, 2011 “On Line Timer Scam Spreads Virally” previous Blog entry, we can say it is the same dog with a different collar in the sense that, in this one, we don’t know what the hacker will do after accessing your account, besides making you propagate the scam and accessing your account. Let’s pretend you are the victim. You will receive a message from one of your (infected) friends saying, more or less:


Your Friends Name --> I have spent: 23.8 hours on Twitter! See how much you have: (sample)http://x.co/c445H5 [link]
If users click on the link, they will see a very official Twitter looking authorization message that will say “Authorize TimeChecker2.6 to use your account?. Users, who click on the blue “Authorize app” button, will be authorizing the hackers to post messages in your name, check who follows you on Twitter, mess up your avatar and change your profile. Immediately, and without you even knowing, the rogue application will send the same message you received to all your friends.
The next step will present you with a very professional looking screen titled “Your results” and an indicator will say “Loading results..this may take up to 1 minute”. A blank window that asks you to enter your e-mail where your results will be mailed is included. Needless to say, you will never get the results. Nothing else will happen now, but in the process you have granted access to hackers to your Twitter account data and given your e-mail address and, who knows what they will do next.
To remove this hack, users will have to do two things (1) Remove the subject messages by clicking on the small “x” to the right of the message, this stops spreading the scam to your friends and (2) remove any related application in the “Profile Information”, “Privacy settings”,  “Application websites” such as “TimeChecker2.6”. Call your friends and ask them to do the same procedure.

No comments: