Free Articles, Free Web Content, Reprint Articles
Saturday, February 11, 2012
 
Free Articles, Free Web Content, Reprint ArticlesRegisterAll CategoriesTop AuthorsSubmit Article (Article Submission)ContactSubscribe Free Articles, Free Web Content, Reprint Articles
ADVERTISEMENTS
RELATED ARTICLES
How To Exponentially Build Your Twitter Followers And Generate Cash With Twitter
My Top 7 Essential Twitter Tools
How to Use Twitter to Get a Re-Tweet
World of 140 Characters I.E. Twitter
5 Tips for Using Twitter in your marketing
Everyone Is All A-Twitter About Twitter
How To Build a List Of Twitter Followers
An ideal approach to Watch Grey’s Anatomy Online
What Makes Me Love Twitter
Spirituality Proclaiming High on Twitter - Dalai Lama and Rick Warren Among Top 20 Twitter Celebs
How to Twitter for Maximum Benefit
Using Twitter For Your Business
How to Monitor Twitter Sentiment
Will an Anatomy Course Online Help?
A Long Night for the Residents on Grey’s Anatomy season 7 episode 9
  RSS   Digg: Anatomy of a Twitter Attack   Email: Anatomy of a Twitter Attack  
 
Premium Author M Frizzi

Anatomy of a Twitter Attack

Computers Articles | March 4, 2010

I was happily snacking away on my lunch break here in Vancouver when suddenly my TweetDeck Twitter client sounded the alert for incoming direct messages. If you are not a Twitter user, direct messages are private messages between Twitter accounts. You can only send a direct message to someone who is following you on Twitter, no strangers allowed

I was happily snacking away on my lunch break here in Vancouver when suddenly my TweetDeck Twitter client sounded the alert for incoming direct messages. If you are not a Twitter user, direct messages are private messages between Twitter accounts. You can only send a direct message to someone who is following you on Twitter, no strangers allowed.
I knew the sender, so it was clear this was a new scam in progress...


What was the purpose in luring me to click on this URL? Penis pills? Phishing Attack? Malware? I performed a quick WHOIS lookup to see what I could find out. Of course the purchaser had enabled privacy to shield their identity.

Domain Name:JFK(redacted).INFO
Created On:02-Nov-2009 08:24:44 UTC
Last Updated On:02-Nov-2009 08:47:22 UTC
Expiration Date:02-Nov-2010 08:24:44 UTC


The domain was registered yesterday morning. I visited the URL from a test computer to see what would happen. Hrmph. They either don't like security researchers, or, as usual, they simply don't want Canadians getting rich off their scam.


The site did redirect me to another domain though, which I then looked up.

Domain:ONLYFREE(redacted)ONLINE.com
Record created on: 2008-08-19 16:41:23.0
Database last updated on: 2009-08-31 10:09:56.743
Domain Expires on: 2011-08-19 16:41:23.0


This one was over a year old. This is a common tactic in social media spam: Create new domains with a clean reputation and redirect these to known dirty domains further down the chain. But I still didn't know what they were shilling, so I performed some magic, overcame my Canadian researcher problem, and finally arrived.


I dutifully registered after reading the terms and conditions and privacy policy, a must for these types of sites. After a bit of legalese, I determined that my idea of privacy was not quite compatible with theirs.


The terms and conditions state: "By submitting this form, I am ordering GoogleFortune for a 7-day bonus period for $1.97 billed to my credit Card; If you enjoy GoogleFortune, simply do nothing. On the 7th day my credit card will automatically be charged $69.97 and every month, thereafter. . ." 


Further along it adds some more goodies: "I also agree to the 14 day and 21 day bonus trials to Rebate Millionaire and Network Agenda (redacted) for $19.95 a month and $9.95 a month thereafter". You can also see this text in small print at the top of the billing page.

At least I know my credit card will be safe in transit, as the site is GoDaddy.com certified secure. Now I can sit back and watch as $99.87 a month starts my new career working from home. The site even points out that using Google is FREE.


Many Twitter users fell victim to this scam today, likely the result of a phishing attack against users of the service. Using sites that request your username and password for social media is never a good idea. 


Make sure anything requesting your Twitter credentials uses Twitter OAuth. This means your username and password are requested by Twitter and passed through to the third party application.

If you are having a hard time creating complex passwordsFree Articles, watch Graham Cluley make a great password from Bedrock (http://www.youtube.com/watch?v=VYzguTdOmmU).

 

.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Source: Free Articles from ArticlesFactory.com

ABOUT THE AUTHOR


This article was written by Chester Wisniewski of Sophos and is published here with their full permission. Sophos provides full data protection services including: security software, encryption software, antivirus, and malware protection.
Health
Business
Finance
Technology
Travel
Home Repair
Computers
Family
Communication
Entertainment
Marketing
Self Help
Autos
Home Business
ECommerce
Sports
Education
Internet
Other
Law
Partners
California Bail Bonds Bounty Hunters
Immigration Attorney
Moving Relocation Services
Crystal Awards and Trophies
Handbags
Alpine Car Audio
Carpet Cleaning Los Angeles


Free Articles Home | Register | Submit an Article | Links | Contact | Archive | XML/RSS Feed
Terms of Service | Privacy Policy
Page loaded in 0.050 seconds