Twitter’s list of trending topics appears to have been hit hard by another variant of the familiar “see who unfollowed you” scam.

What happens when you click on the link? You are redirected to a page for a “Followers Monitor”, which leads eventually to a page asking you to authorize an application to use your Twitter account. This rogue application is able to carry out such “minor” operations as reading your tweets, updating your profile, and even posting tweets on your behalf. If you actually give the app access, of course, the first thing it will do is post its own version of the spammed Tweet.

Be careful when clicking links from Twitter, particularly ones like these that claim you can learn who unfollowed you – they are always a scam. If you do inadvertently click a link like this, you can undo some of the damage by removing the app’s authorization to access your Twitter account. This can be found under the Applications tab of your settings. Trend Micro already blocks the above page, so users are protected from this threat.
Update as of 7:30 PM (UTC-7), December 20, 2011
We’re still seeing spammed Tweets that are similar to this attack, although some variants seem to have stopped mining the trending topics for hashtags to use. Please consider any link that comes from s0rt(dot)tk to be malicious and don’t click on it.
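One way to apply that advice in a mail, proxy or timeline filter, shown as an added example (not Trend Micro's code): it refangs text in memory, parses each token's real hostname, and matches the listed domain or its subdomains without tripping on lookalikes. The function names and the sample tweets are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicator exactly as the post gives it (defanged); refanged only in memory.
BLOCKED_DEFANGED = ["s0rt(dot)tk"]

_DOT = re.compile(r"[\[(]\s*(?:dot|\.)\s*[\])]", re.I)   # (dot) [dot] [.]
_HXXP = re.compile(r"\bhxxp(s?)://", re.I)               # hxxp:// hxxps://


def refang(text):
    """Undo common defanging so hosts can be parsed."""
    return _HXXP.sub(r"http\1://", _DOT.sub(".", text))


BLOCKED = {refang(d).lower() for d in BLOCKED_DEFANGED}


def host_of(token):
    """Hostname of a URL or bare host/path token, lower-cased ('' if none)."""
    if "://" not in token:
        token = "http://" + token
    try:
        return (urlsplit(token).hostname or "").rstrip(".").lower()
    except ValueError:  # malformed bracketed host, etc.
        return ""


def is_blocked(host):
    """True for the listed domain or any subdomain, never a mere substring."""
    return any(host == d or host.endswith("." + d) for d in BLOCKED)


def flag_links(text):
    """Return the whitespace-separated tokens in text that point at a blocked host."""
    tokens = (t.strip("()[]<>.,;:!?\"'") for t in refang(text).split())
    return [t for t in tokens if is_blocked(host_of(t))]


# Constructed sample tweets (not captured from the campaign).
SAMPLES = [
    "Find out who unfollowed you hxxp://s0rt(dot)tk/abc123 #trending",
    "my followers report: www.s0rt[.]tk/x",
    "unrelated link hxxp://nots0rt(dot)tk/x",
    "lookalike hxxp://s0rt(dot)tk.example.com/login",
]

if __name__ == "__main__":
    for tweet in SAMPLES:
        print(bool(flag_links(tweet)), "|", tweet)
```

Only the first two samples are flagged; the last two show why the check compares parsed hostnames rather than searching for the domain as a substring.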