Social-networking service Twitter warned users on Wednesday that a link sent by direct message redirects users to a malicious site that attempts to steal their account credentials.
It's unclear how many users of the microblogging service had fallen prey to the phishing scheme, which sends victims to a replica of the Twitter logon page. Accounts compromised by the attack will send out messages, which resembles "rofl this you on here? http:// videos.twitter.*****-logins01.com," to their followers, according to reports.
"A bit o'phishing going on -- if you get a weird direct message, don't click on it and certainly don't give your login creds!" Twitter warned users through its spam channel.
The phishing attack is the latest attack to use Twitter, and other social networks, as a communications channel. Last month, security researchers revealed details of a botnet that used Twitter and the shortened URLs common on the service, as an update service for its malicious code. In June, researchers warned that social networks were becoming a major vector for attacks.
The Koobface worm, which uses Facebook and MySpace to spread, was one of the first major threats to highlight the danger of malicious code propagating through social networks.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos