Celebrities mask malware on Twitter, LinkedIn
Published: 2009-01-06

Facebook and MySpace are so 2008; now scammers have set their sights on conning Twitter and LinkedIn users.

On Monday, microblogging service Twitter announced that 33 celebrities -- from Britney Spears to President-elect Barack Obama -- had tweets posted to their accounts after online intruders gained access to the company's support and administration tools. The breach followed a noticeable surge in phishing attacks aimed at Twitter and LinkedIn users so far this year. While the purpose of the hack appeared to be to embarrass the celebrities, in at least one case, the attack attempted to direct a target's followers to a phishing Web site.

"These accounts were compromised by an individual who hacked into some of the tools our support team uses to help people do things like edit the email address associated with their Twitter account when they can't remember or get stuck," the company said in a blog post on Monday. "We considered this a very serious breach of security and immediately took the support tools offline. We'll put them back only when they're safe and secure."

On Tuesday, an alleged 18-year-old prankster admitted to running a dictionary attack against an account that he assumed belonged to a popular user but that turned out to belong to a Twitter administrator, Wired News reported.

Over the past week, both Twitter and LinkedIn, a social networking service for business users, have seen an increase in phishing attempts using the names of famous celebrities. On LinkedIn, scammers used fake profiles for Beyoncé Knowles, Christina Ricci, Kirsten Dunst and Salma Hayek in an attempt to lead unsuspecting visitors to sites hosting malicious software, according to antivirus firm Trend Micro.

Twitter warned users to beware of pages that appear to belong to the service and ask for login credentials.

"If you receive a direct message or a direct message email notification that redirects to what looks like — don't sign in," the service warned in a blog post. "Look closely at the URL because it could be a scam."

If you have tips or insights on this topic, please contact SecurityFocus.

Posted by: Robert Lemos
Copyright 2009, SecurityFocus