Archive for May, 2009


May 28
by Ailene Dela Rosa (Technical Communications)

As many as 13,000 Twitter users have been affected by a new “worm-like” phishing attack that feeds on some members’ desire to gain more followers. The scam dupes users into handing over their account names and passwords through a Web site called “Twittercut.”

Twitter users may see the following tweet in their stream:

Post from affected user

When they click on the link, they are redirected to a fraudulent Twitter Web site that asks them for their account name and password. Once the needed login details are entered, the site sends similar messages to all of the affected users’ followers, along with links to a paid dating service.

The messages are said to have started from an account called @twittercut, which had been disabled. But then the tweets continued to come, this time from a new account called @tweetcut. The latter is now also inoperative.

The site operators at TwitterCut denied phishing allegations and announced that they were shutting the site down.

“According to several social network blog sites, TwitterCut has been the bud of several rumors,” they said in a message on their site. “Our website and its programmers can assure you that these rumors are not true and that TwitterCut is simply a Twitter train that was a work in progress!”

Twitter acknowledged the problem with a post on its status page Tuesday night. “We are currently pushing a password reset on accounts we believe may have been caught in a phishing scam,” said the company. “Please exercise your best judgement when thinking about releasing your username and password to third parties.”


May 28
by Maria Alarcon (Anti-spam Research Engineer)

We might not be experts on how to express special feelings for someone, but we know sending them messages that lead to TV channel advertisements ain’t one of the ways to do it.


The message indicates that the recipient has a secret admirer and he/she has provided a profile for the recipient to view.

Below is a screen shot of the ecard website:


The link provided uses TinyURL, which redirects the user through several random sites before finally showing the actual website. The funny thing is, there is no profile, just an advertisement.

The website promotes software that lets users watch 1,000+ live TV channels around the world for a one-time payment. Once the user attempts to close the window of the site, a message box appears and an agent starts “chatting” with the user about the company’s product, offering discounts to get them to take the offer.

The spam message is already blocked through the Smart Protection Network.

 

May 28
by Nino Penoliar (Anti-spam Research Engineer)

Spam mails are very annoying, so we turn to spam filters to avoid ending up with an inbox flooded with them. Unfortunately, one “anti-spam filter” we’ve encountered isn’t driving junk out, but letting it in.

We have received an email message claiming to be from Webmail Support. It poses as a security announcement and states that the recipient’s mail server is sending out spam because it is infected by a virus that could contaminate their contacts and other users of the network.

To correct this, it recommends that the recipient download and install an Anti-Spam filter and then scan their computer, so that the Webmail provider does not block the recipient’s email account.


The message was in Portuguese and is roughly translated to English as:

Security Announcement

Dear user, I found that your mail server is automatically sending messages known as SPAM, contami your contacts and other users of the network with the Virus 32/Fbd, it sends false messages to e-mail servers.

We recommend the installation of the system Antispam, that it be corrected. Otherwise, the provider of WebMail will be given the right to block all of your e-mail account. Grateful for the attention!

Download Program Antispam filtering below and do a scan on your computer.
http://{BLOCKED}/suporte/suporte-email/spam

Regards,
Protection of the Webmail service.

* Message for automatic spam filtering. You need not answer it

However, clicking the given link triggers the download of a malicious file instead.


The downloaded file is detected as TROJ_DLOADER.MCS. TROJ_DLOADER.MCS drops TSPY_KEYSPY.S which logs keystrokes on the affected system, then sends all gathered information to a remote user. Successful execution of the mentioned routines could lead to the compromise of the affected system, and loss of critical information.

The Trend Micro Smart Protection Network provides complete protection from this attack, as all three of its components (the spam, the malicious URL, and the malicious files) are already blocked or detected.

 

May 26
by JM Hipolito (Technical Communications)

A spam attack that has affected instant messaging users has found its way to Twitter, infiltrating users’ accounts to post messages with links connecting to weight-loss drugs.

Hacked Twitter accounts are being used to post messages that promote weight-loss drugs. The messages vary in wording but generally convey the same message, and all are followed by a link that leads to websites where the drugs are being sold. Searches through Twitter for “$5 acai” yield the posts of users whose accounts were hacked.

The spammers even utilized TinyURL, a free URL redirection service that turns long URLs into shorter ones. The service is frequently used by Twitter users because it lets them spend more of the 140-character limit on the message instead of the link. This makes the spam posts more convincing: they look much like any other post, and the TinyURL link masks the actual spam URL.

Worldometers states that there are currently more than 1 billion overweight adults, with at least 300 million of them clinically obese. With such a huge number of concerned users as potential targets, a lure such as weight-loss drugs has a good chance of becoming a hit.

 

May 26
by Sarah Calaunan (Fraud Analyst)

Formerly known as Ecount, Citi Prepaid Services is a prepaid solution for companies that want a customizable solution for payroll, sales incentives, benefit payments, etc. Recently we encountered a phishing email informing Citi Prepaid Services customers/clients that their account information needs to be updated due to inactive membership, with the account’s inactivity purportedly causing fraud and report spoofing.

Below is a screenshot of the phishing email:

In the email, users are instructed to click on the embedded link which, in fact, leads to the phishing website:

Once customers/clients enter their account credentials, believing the site to be real, phishers can take hold of the information and use it however they wish.

Citi Prepaid Services actually offers Zero Liability Protection, which protects users from this very attack. It means that users are not held responsible for any fraudulent activity regarding their account. But since Zero Liability Protection is a feature limited to Citi Prepaid Services, victims of a similar attack on a different service may not be as lucky, and may end up losing their hard-earned money.

The phishing URL is now blocked by the Trend Micro Smart Protection Network.

 


© Copyright 2009 Trend Micro Inc. All rights reserved.