Black hats keep finding new ways of smart social engineering recently new scam was exposed where users were threatened for twitter petition which was phishing attempt-The tweets being sent out read "Twitter might start to charge in October, sign this petition to keep the service free! -URL-."
The real source of short url takes to a twitter phishing site running on chinese dns servers
At least one Twitter user seems to be having some fun with this and has produced her own copy of the scam...
This morning @trojankitten tweeted "Twitter might start charging in October, a petition is picking up speed to keep it free.-URL-."
which is redirected a pastie.org page that reads:
Don't forget to subscribe to our rss feeds.We wish you a secure day :)
At least one Twitter user seems to be having some fun with this and has produced her own copy of the scam...
This morning @trojankitten tweeted "Twitter might start charging in October, a petition is picking up speed to keep it free.-URL-."
which is redirected a pastie.org page that reads:
If you have been hit with this scam, be sure to change your Twitter password immediately and it would be prudent to log in and revoke all application API access as well."Hi,
This is Trojan Kitten. Twitter won't "start charging in October," but there's yet-another-twitter-malware, which will send tweets like these from your account, once you're affected:
"Twitter might start to charge in October, sign this petition to keep the service free! link.here/to-malware" "Twitter is going to charge now? read this article on twitter :( link.here/to-malware"
And since you see the text you're currently reading, you could've been affected: you clicked the link. I don't actually blame the users. So let's blame Twitter for its loose control on apps (in terms of security).
Don't forget to subscribe to our rss feeds.We wish you a secure day :)
