by Jason Ding, Research Scientist
It is not rare for general Internet users to get their online accounts spammed, compromised or hacked due to their less knowledge about the dangerousness of the Web.
However, network security professionals should at least have enough knowledge and take strong precaution to protect their own online accounts, before helping others, or hosting hacking events.
Unfortunately, this is not always true. Check this live example: TakeDownCon, “a technical security conference series fundamentally developed to focus on only ONE information security domain per event” – just got its Twitter account @TakeDownCon comprised. It sent direct messages to its followers, and posted spam tweets on its own timeline.
The example of the direct message is as following:
The spam tweets on @TakeDownCon:
The URL in the message will direct users to a phishing website stealing Twitter credentials:
This phishing website domain itvvitier[.]com is newly registered to an address in Shanghai, China, since April 23, 2012.
Anyone who received these messages should ignore and delete them immediately. As always, do not click any links in your emails or messages if you are not 100% sure of their origin or intent. And always, carefully check the URL in your browser’s address bar whenever you login to a website.
Leave a reply