Phishers Launch Scam On Twitter Users

Direct messages from "followers" offer links to a drive-by malware site, researchers warn

Security researchers are warning of a new phishing campaign that is being conducted through the popular Twitter microblogging service, leading users to a drive-by malware site.

The attack, which was reported this past weekend by security blogger Chris Pirillo, appears to be a direct message from one of a Twitter user's "followers," or friends. The message offers a link to another site, usually accompanied by a come-on, such as, "I found a Website with your picture on it," or "I just won a new iPhone!"

When victims click on the link, they are taken to a site that "poses to be the regular Twitter login page, but is actually stealing usernames and passwords from the unwary," according to a blog post by Graham Cluley, a security researcher at Sophos. Once they've hacked those identities, the attackers then use the information to try to fool other Twitter users as well, Cluley says.

Twitter has posted a warning about the phishing campaign, and the service provider has also begun blocking the known URLs of the fake site.
