CNN and "still-alive" Osama bin Laden luring Twitter users

According to Carl Leonard, a security researcher with Websense, tweets have been going out these past few days that bin Laden is alive although, as seasoned IT security professionals will be unsurprised to hear, the tweets lead to a phishing page.

"Tweets are being posted by users right now at the rate of several hundred tweets per second and include `omgg osama is alive!!! cnn confirmed that he's still out there :(('," says Leonard in his latest security blog.

The tweets, he adds, lead to a bit.ly redirector that takes the user to a convincing phishing page designed to harvest the user's Twitter account credentials.

Users that enter their credentials are then taken to a YouTube video relating to the topic of the scam, a CNN video discussing the news that 'Osama is alive say protesters.'

Interestingly, the Websense security researcher says that the redirection chain is:

hxxp://bit.ly/m[removed]Y
hxxp://twitter.[removed].ru/relogin.php
hxxp://www.youtube.com/watch?v=Ga[removed]Mg

Leonard notes that Trendistic, a Twitter trend-tracking service, recorded the scam as accounting for 1% of all tweets yesterday, with a rate of 200 per minute as the day progressed.

This suggests, he says, that the phishing page could be successfully harvesting Twitter account credentials and then tweeting on their behalf, so spreading the phishing links.

"When Osama bin Laden's death was announced, we saw Facebook status updates offering a video of the events. Malware authors often use news events to entice and trick users into performing actions such as following website links", said Leonard.

"Websense Security Labs advises Twitter users who believe they may have fallen for this scam to change their passwords immediately and to check their Twitter feeds for postings related to this scam topic", he added.

What’s Hot on Infosecurity Magazine?