New Twitter worm promises more contacts, but hijacks account

Unfortunately, when Twitter users click on the shortened URL, the resultant website asks for their user name and password and does little else.

According to Adam Ostrow, a security researcher with the Mashable web portal, the worm is spreading rapidly via Twitter.

"Unfortunately, the only thing that the sites involved seem to do is use your account to spam your followers", he said in a blog posting.

Ostrow said that the '@GetFree' account used by one of the worm variants has been suspended by Twitter, although the number of variations on the worm appears to be increasing.

"Another that I came across may be far more damaging, as it appears to be spreading malware through what look to be YouTube videos, but actually functions like the Koobface worm", he said.

Twitter appears to be aware of the problem and is reported to be actively locking down accounts using the worm scam.

Ostrow said, however, that he and his team are "still digging to get to the bottom of this scam, but with 'Twitter Followers' hitting trending topics, it's clear many people are falling for something today".

"We'll update when we know more - in the meantime, be sure to keep your credentials safe and be dubious of video links", he added.
