A fresh phishing attack has appeared on social networking site Twitter that again used direct messages.
F-Secure CTO Mikko Hypponen said that the messages are similar to those seen last month. In the latest detected, the recipient receives a message asking ‘did I tell you that ur here' or ‘you should change ur photo u took here' with a link given. Following this link takes the user to a fake Twitter page.
Hypponen said: “If you mistakenly give out your credentials, the attackers will start sending similar direct messages to your contacts, posing as you. The ultimate goal of the attackers is to gain access to a large amount of valid Twitter accounts, then use these account to post tweets with URLs pointing to malicious websites which will take over users; computers when clicked."
He claimed that Twitter is already filtering these messages from being posted, although it was unclear if they are also removing already-delivered direct messages.
Also, the Twitter built-in link shorteners (twt.tl and bit.ly) are detecting the URLs as malicious.
BitDefender also warned of a malware distribution campaign using legitimate emails, which notified Facebook users that the passwords to their accounts have been changed due to security reasons. The recipients of this fake notification were supposed to open an attached .zip file in order to find out their new allocated password.
However the zip file hides Trojan.Dropper.Oficla.G that installs a backdoor which allows remote, clandestine access to the infected system. It detected that the distribution started on the evening of 17th March and since then, spam ‘waves' have seen more than 200 spam messages being sent out in 30 minutes.
Facebook issued guidance on its security page, and said: “There's another spoofed email going around that claims to be from Facebook and asks you to open an attachment to receive a new password. This email is fake. Delete it from your inbox, and warn your friends. Remember that Facebook will never send you a new password in an attachment.”