Glaswegian

Twitter users have been tricked into divulging their login and password details to a website that then spammed their contacts.

The culprit is a website called TwitterCut. Some Twitter users began getting a message that appeared to be from one of their friends and included a link to the TwitterCut website. The message implied they could gain more Twitter contacts by following the link.

At one time TwitterCut looked quite similar to the real Twitter login page, said Mikko Hypponen, chief research offer for the security vendor F-Secure.

If a person entered their login details, TwitterCut would then send the same message via Twitter to all of the victim's contacts, a kind of phishing attack with worm-like characteristics. No malicious software is installed on a user's machine, Hypponen said.

Although TwitterCut probably holds the login details for many accounts, it doesn't appear those accounts have been used to spam out links to more dangerous websites.

TwitterCut's website has been reported to services that blacklist potentially harmful sites, although it is still active. In a warning message now on TwitterCut, the site's operators said they didn't mean to phish people.

Instead, they say they were trying to create a so-called Twitter Train, which are sites that purport to quickly give Twitter users lots of followers. They said they bought the login script on their site for $50 (£31).

"We were not phishing Twitter accounts whatsoever," the message said. "We're shutting down this site."

Hypponen said Twitter should be on the lookout for signs of spam, such as when an identical message appears hundreds and hundreds of times across users' profiles that isn't a "retweet," or the intentional reposting of other content.


http://www.techworld.com/security/ne...&NewsID=116482