Twitter Phishing Spamrun: “Strange Rumors About You”

Posted: September 8, 2014 by Christopher Boyd
Last updated: March 30, 2016

Thanks to Janne Ahlberg for notifying us about an ongoing Twitter spam attack which is sending potential victims to phishing pages via a Tumblr redirect.

Compromised Twitter accounts and / or bots are sending variations of the below to Twitter users:

You may wanna see this strange rumor about you [Tumblr URL]

We’ve seen some 200+ messages sent in the last ten minutes, and this attack has been ongoing for at least six hours.

Here’s the Tumblr spam blog which is redirecting to the fake Twitter login, and the fake login itself:

The fake page reads:

“Your current session has ended.

For security purposes your [sic] were forcibly signed out. You need to verify your Twitter account, please relogin.”

In other words, very similar to spamruns seen in both February and March.

Twitter users should avoid signing into Twitter via any of the links being sent around, and always check the URL to ensure they’re entering their credentials in the right place.

Christopher Boyd (Thanks Janne).

COMMENTS

Lois Bernard

Thanks, I got one of these but my security software did protect me from going to tumblr.
Kristian Hansen

What happens if you click on “Forgot password?”
Pingback: Twitter Phishing Spamrun: “Strange Rumors About You” - nickelberg()
Jay P.

All it comes down to is check your URLs, but this should be very obvious as the URL is an IP address.
Pingback: A Week in Security (Sept 07 – 13) | Malwarebytes Unpacked()
Mew Ashley

I’ve seen something similar happen on facebook.
Instead it said: Is this you in the video? (link)
My friend got hacked and sent that message out. I almost clicked it because the link had the word Mew in it and some bullies at school recorded me getting upset and said they’d post it online. But then I decided that it was probably a hack because something told me there was something suspicious about it. So I asked some of our mutual friends and they said he sent the same thing to them as well. Later, the friend confirmed he was hacked.

RELATED ARTICLES

Cybercrime | Malware

Intentional PE Corruption

April 30, 2012 - Malwarebytes Anti-Malware is under constant attack. 24 hours per day, 7 days per week, 365 days per year. If you read my recent blog post about the development of Malwarebytes Chameleon, you know that we at Malwarebytes have big red ‘X’s on our chests; the bad guys are always out to get us. Malwarebytes Anti-Malware...

CONTINUE READING 14 Comments

Cybercrime | Malware

The Cat-and-Mouse Game: The Story of Malwarebytes Chameleon

April 24, 2012 - The fight against malware is a cat-and-mouse game. It is constant and constantly escalating. They make a move, you counter it, they counter your counter, lather, rinse, repeat. What’s more: malware almost always has the advantage. Our software Malwarebytes Anti-Malware earned a reputation for having a high success rate in combating new in-the-wild malware infections:...

CONTINUE READING 7 Comments

Cybercrime | Hacking

Cybercrime at $12.5 Billion: The Great Underreported Threat

May 7, 2012 - From the outside looking in, it may appear that the press regularly reports stories when a company’s website, database or intellectual property has been hacked, stolen or compromised. The more eye-opening fact of the matter is that the scale and scope of the cybercrime problem is much, much larger and the actual incidences of these...

CONTINUE READING 2 Comments

Cybercrime | Hacking

DDOS, Botnets and Worms…Oh My!

May 14, 2012 - The recent attack on the Serious Organized Crime Agency (SOCA), most likely in response to the 36 data selling sites shut down a few weeks ago, lead to the admission by high ranking SOCA officials that the Ministry of Defense networks need to “beef up their security.” In response to this we would like to...

CONTINUE READING 1 Comment

Cybercrime | Exploits

“The Sky is Falling… Are You at Risk from the Flame Malware?”

June 1, 2012 - The last time I checked with Google News this morning there were over 19,100,000 results for “flame malware”. You may have heard many stories this week about this complex trojan. Here are links to three of my current personal favorite articles on “Flame”. Powerful ‘Flame’ cyberweapon tied to popular Angry Birds game – (Fox News)...

CONTINUE READING 3 Comments

ABOUT THE AUTHOR

Christopher Boyd
Lead Malware Intelligence Analyst

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.

CATEGORIES

101 Cybercrime Malwarebytes news PUP Security world

SEARCH LABS

TOP POSTS