Twitter Spam: Watch Obama punch out a guy...

The two things might just be coincidental – or they may indicate the speed with which scammers can now react to real-life incidents. Both include ‘Obama’, and both offer a video recording. The first, however, is a scam detected by PandaLabs. Since scammers have lists of compromised Twitter accounts ready and waiting for use, it is perfectly possible that they saw an opportunity and reacted.

According to PandaLabs’ analysis, the scam is delivered by a Twitter direct message (DM). Since only mutual followers can use DMs, the immediate appearance is that the message comes from a trusted contact. It’s just the latest variant of a tried and trusted method. “Users’ accounts receive dozens of them every day,” explained PandaLabs technical director Luis Corrons, “with malicious links and enticing messages like: ‘What exactly do you think you're doing on this video clip’, ‘Hello this guy is saying bad rumors about u...’, ‘Did you see this pic of you?’,” and so on.

This variant points to a fake Facebook page. First the fake page asks for the user’s Twitter log-on details, adding to the scammer’s arsenal of hijacked Twitter accounts. Then it claims that the user’s YouTube player needs to be updated. Needless to say, the user doesn’t get YouTube, he gets Koobface and will probably lose his personal data. It “exploits the two most popular social networking sites, Facebook and Twitter, to trick users into believing they are viewing a trusted site”, added Corrons. “It also relies on its victims’ curiosity by using a scandalous story involving US President Barack Obama and racism. Cyber-criminals know people are curious by nature and take advantage of this to trick users and infect them with their creations.”

Corrons’ advice is to “Never, ever, click the links within the text of those messages... Every time you receive a direct message you should check with the sender that they have knowingly sent it to you.”
