Anatomy of Twitter social engineering
I can immediately tell when someone who is following me on Twitter is not genuine (especially if it’s a hot girl half naked).
The social engineering on Twitter is getting much better these days. It used to be a profile with just one tweet: a spam URL. Now, the profile actually looks legit with regular updates that give you the feeling this is a real person there.
Such as “Lucia756 is making pancakes!! 
”
You could not be any more wrong. These profiles are automated, they are fake, and their sole purpose is to make you click on a link that redirects to either exploits, phishing pages, or Adware.
In this case, it is Adware with the webfetti toolbar, AKA FunWebProducts, MyWebSearch, CursorMania, SmileyCentral, Zwinky, MyWay Searchbar, etc… is that a long list or what?
I think I’m going to keep my Twitter profile public… Such things are very annoying… but they allow me to blog about malware practices that will affect many users out there.
Jerome Segura
|
More XXXblackbook spam on Twitter
There has been a wave of automated followers on Twitter promoting the adult dating site xxxblackbook.
Social engineering tricks are used, such as your regular newspapers’ headlines.
The link redirects you to an adult site, as mentioned above. Not sure this will help you if you are unemployed….
I’m seriously considering locking up my Twitter account now…
Jerome Segura
|
Twitter raids
You know sometimes I forget how much hatred there is in our world.
There are people out there that plan attacks against individuals, companies, or popular websites as part of their daily activities.
They get together and plan ‘raids’ on IRC channels. In the pic below, if you click on the ‘visit this page’ you get redirected to a horrible rickrolling page. Why are there such sick people out there?
This site aims at attacking Twitter. It teaches you how to create Bots and other things to become a hacker.
(Warning! offensive language)
This screen below shows a Bot written in Perl which purpose is to retweet every tweet mentioning a certain keyword.
What can I say? I’ve noticed Twitter has been very slow at times lately and I’m sure it gets abused a lot on a daily basis.
I think such reminders are good every once in a while to keep your guards up.
Jerome Segura
|
A rather raunchy linkedin profile
The popular social networking site linkedin is constantly the victim of fake profile pages.
Check this one out though, and tell me there truly is nothing you can do to weed out a ‘fake’ profile.
Warning! Offensive language.
And the free sex clips redirect to this page which serves both Windows and Mac Trojans.
sitestube.com/xplaymovie.php?id=45145
File detection on Virus Total:
Jerome Segura
Malware ID: 621696054e4d31d03ce13467ba22b53d.zip
|
