Fake Software Requests Access to ‘Twitter’ User Accounts
A fresh fake software is proliferating across Twitter.com, which posing as a message for the visitor tells him the length of time he expended browsing the micro-blogging website, disclosed Sophos the security company on June 2, 2011.
Like usual the message exclaims stating that the writer spent 38.1 hrs browsing Twitter.com and thereafter invites the recipient to find out his length of time by clicking a given web-link, Sophos elaborates.
Says Senior Technology Consultant Graham Cluley at Sophos, incase anyone feels so tempted that he follows the web-link, he'll see something posted supposedly from a friend after which he shall be directed towards granting an intermediary software's request for letting it access his Twitter profile. Cnet.com published this on June 1, 2011.
Furthermore, Cluley says that the software as mentioned is named TimeSpentHere that would be troublesome solely when the victim allows it for viewing his Twitter account. And when that's done, it'll simply manage in reading the victim's tweets, or even altering his profile, Cluley adds.
Cluley also adds that the software even opens a website inside the victim's browser that's the creation of the con artists. Gmanews.tv reported this on June 2, 2011.
Moreover as per Cluley when he used an experimental account to run the malicious campaign, the website wouldn't offer to tell the number of hours he'd passed on Twitter. However, it didn't hesitate to imagine up a random time period for tweeting because it hoped some gullible onlookers would get tempted.
Additionally according to Cluley, the software's developers directed victims to feed in their e-mail ids citing security reasons.
Thus he warned that probably the above was an effort for digging e-mail ids with which malware or phishing attacks could be manipulated later. These manipulations though could happen after weeks alternatively months when the fraudsters would utilize any data on end-users they snatched to commit online crime, Cluley explained. Softpedia.com reported this on June 2, 2011.
Significantly, Cluley advised that incase anyone had already authorized fake software to view his Twitter account, he must immediately visit Settings/Applications on Twitter.com and use it to annul the rogue software's privileges.
Related article: Fake Spam Mail Announces Australian PM’s Heart Attack
» SPAMfighter News - 13-06-2011