There is a lot of malware spam on Twitter at the moment. I’m getting between 100 and 500 Direct Messages (DMs) a day from compromised accounts. They say things like:
“i made $426.23 online today with”
“I make money online with google. i learned how here”
“this you here”
“hey can you do me a favor? take this iq test. here”
“hey. can you take this quiz thingy? here”
“wow. i didn’t know my iq score until now. i got it here”
“can you do this quiz for me?? go here”
“hi there. this place has the best ringtones. i just got some.. go here:”
“hey, i got free ringtones from here…”
“get some ringtones for me here;”
“hi! i just got a bunch of ringtones from here:”
“omg! i took this quiz my score is higher than yours!! check here”
“Let’s find out if your IQ is higher. Here”
“OMG I can’t believe I found you”
“Hey, this you?”
“Hah. this you?”
“you look funny on here”
“i can’t stop laughing at this..”
“this was funny”
“rofl this you???”
“LOL, omg this you?”
“hahah you should see this”
“You’re on here…”
“this gotta be you in this picture ?”
“Make money from home you’re guaranteed $3,000-$8,000 a month”
“wow this really works! i found out who stalks me”
“Someone said this real bad thing about you in a blog”
“You really had the nerve to say this about me?”
“You need to read this, really bad stuff being said about you”
“check out this embarrassing photo of you.”
“I saw a real bad blog about you, you seen this?”
“Automated DM, You are tweeting too much! click here to avoid account suspension!”
“lol…I’m laughing so hard at this pic of u my friend posted”
“Hi somebody is saying horrible things about you…”
“lol…omg i am laughing so hard at this pic of me someone found”
“did you see this crazy tweet about you?”
“Are you satisfied with a 9-5 job?”
“Is your boss pushing you over the limit?”
“Do you think it’s time to quit your job?”
“i wish i thought of doing this sooner working within an hour with no degree…”
“#part3.txt totally reminded me of you when i looked at this”
“you might want to view this this mom is live on CNBC i thought of you when i saw this”
Or tweets that say:
“New App., it shows me who ‘stalks’ my twitter!”
“A Real Diet, that Really Works!”
“lmao…omg i am laughing so hard at this pic of me my friend found”
“ROFLMAO i can’t stop laughing at this pic of you”
“haha the look on your face in this pix is priceless!”
“I saw this really nasty tweet about you this user must not like you”
“I’ve reported your account, want to know why? click here”
“Someone is posting a pic of you all over twitter ;( link2pic here”
“did you see this photo of you yet??”
“this pic of you has me laughing hard”
… all with links at the end. I just copy/pasted some of the ones I received and updated the list over time.
DON’T CLICK THE LINK
Even if it’s from one of your close friends. I deliberately infected a test account so I could bring you the most accurate information. The link takes you to a page that looks identical to Twitter’s home page. But if you look at the URL in the address bar, it won’t be from Twitter.com.
When you log in, you’ll be redirected to Twitter and not know anything has happened, apart from maybe a little message saying you’re already signed in. In the meantime, you’ve just sent your username and password off to a database somewhere. A couple of times a day, whatever spammer owns that list uses your login details to send infected Direct Messages to all your followers and infected Tweets, some with @reply. I presume this is how that part works, based on my observation that the infected tweets come in waves, rather than all the time.
In the simplest terms – clicking the link and logging in causes your Twitter account to be hacked and send spam to your followers.
If you’ve been hacked: Resetting your Twitter password should be enough to fix it. Go right now to –> https://twitter.com/account/password <– and change your password now. If you don’t trust that link (hey, you just got hacked, so I can understand you being suspicious of anything right now!), the other way is to go to Twitter, hover over your name in the top bar, click Settings, then click the Password tab and change your password.
If your account is still infected, repeat the above, then go to your Browser Settings and clear your cache and delete your saved passwords (reader tip – thanks @Pepperfire). Also, go to your list of connections –> https://twitter.com/account/connections <– and click “revoke access” to any application you don’t remember allowing.
You should be fine after that.
If you don’t do anything, Twitter will change your password on you and send you an email asking you to choose a new one.
Twitter also seems to delete all the infected DMs when they reset your password, so that’ll save you a bunch of time.
If you receive a malware DM like the ones listed above: remember they are also a victim, so blocking them won’t solve much. It’s better to send the person the following message:
I received a virus DM from you. Change your twitter password & revoke access to bad apps may fix it. More info: http://bello.ws/18
You can just copy and paste that – it’s designed to be the right size for a Twitter DM. The link will take them to this page, so they can go through the “unhacking” procedure above.
Remember: the malware comes from hacked accounts. The people generally have no idea their account has been compromised. They aren’t sending the malware; someone else is controlling that. Unless they go to their sent messages –> https://twitter.com/sent <– they wouldn’t know they’ve been hacked.
Be Gentle With Them
It’s not their fault (apart from clicking on a link in a message they may have received from a friend).
Prevention: Whenever you sign in to your Twitter account, ALWAYS check that the URL at the top starts with http://twitter.com or https://twitter.com.
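The address check above, written out as an added example (not part of the original post): it parses the address the way a browser does and compares the host it really points to, which is stricter than a plain "starts with" comparison. The example.net addresses are constructed placeholders, and treating subdomains of twitter.com as Twitter is an assumption.

```javascript
// Added example. Sample addresses are constructed; example.net is a placeholder.
const TRUSTED_HOST = "twitter.com";                    // domain named in the post
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);  // both appear in the post

// The literal "starts with" comparison, kept for contrast.
function naivePrefixCheck(raw) {
  const s = raw.trim().toLowerCase();
  return s.startsWith("http://twitter.com") || s.startsWith("https://twitter.com");
}

// Parse the address as a browser would and judge the host it really points to.
function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw.trim());
  } catch (err) {
    return { trusted: false, host: null, reason: "not an absolute URL" };
  }
  // hostname comes back lower-cased and IDNA-encoded; drop a trailing root dot.
  const host = url.hostname.replace(/\.$/, "");
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { trusted: false, host, reason: "unexpected scheme " + url.protocol };
  }
  if (url.username || url.password) {
    return { trusted: false, host, reason: "text before '@' is not the host" };
  }
  // Assumption: subdomains of twitter.com count as Twitter.
  if (host === TRUSTED_HOST || host.endsWith("." + TRUSTED_HOST)) {
    return { trusted: true, host, reason: "host belongs to " + TRUSTED_HOST };
  }
  return { trusted: false, host, reason: "host is not " + TRUSTED_HOST };
}

const SAMPLES = [ // constructed inputs
  "https://twitter.com/account/password",
  "https://twitter.com.login.example.net/",
  "https://twitter.com@example.net/login",
  "https://twitter.community.example.net/",
];

// Run both checks over the samples so the disagreements are visible.
function compareChecks() {
  return SAMPLES.map((u) => ({ url: u, naive: naivePrefixCheck(u), ...checkLoginUrl(u) }));
}

for (const row of compareChecks()) {
  console.log(row.naive, row.trusted, row.host, "-", row.reason, "<-", row.url);
}
```

All four samples pass the prefix comparison, but only the first one has twitter.com as its actual host.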
Please pass this message around. The more people know about this, the quicker we can stop this mess.
Click here to automatically fill a tweet. You can edit it in twitter, or just hit send to tweet it to your followers.