
Twitter Hit By BZPharma LOL Phishing Attack

timothy posted more than 3 years ago | from the 140-character-judgment dept.

Communications 81

An anonymous reader writes "Twitter users are being warned not to click on messages saying 'lol, this is funny,' as they can lead to their account details being stolen. A widespread attack has hit Twitter this weekend, tricking users into logging into a fake Twitter page — and thus handing their account details over to hackers. Messages include Lol. this is me?? / lol , this is funny. / ha ha, u look funny on here / Lol. this you?? followed by a link in the form of http://example/ [dot] com/?rid=http://twitter.verify.bzpharma [dot] net/login, where 'example.com' can vary. Clicking on the link redirects users to the second half of the link, where the fake login page is hosted. In a video and blog entry, computer security firm Sophos is warning users that it is not just Twitter direct messages (DMs) that carry the poisoned links, but they are appearing on public profiles due to services such as GroupTweet which republish direct messages. Sophos also reports that the site being used for the Twitter phishing has also been constructed to steal information from users of the Bebo social network. Affected users are advised to change their passwords immediately."
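The summary describes a two-hop link: a throwaway domain whose `rid` parameter carries the real phishing URL on a host that merely contains the word "twitter". The following is an added example (not from the story or from Sophos) of how a defender could flag such messages in a DM or tweet feed: it pulls every URL out of the text, unpacks any full URL embedded in a query parameter, and reports hosts that use a brand name without being the brand's real domain. The lure phrases, the brand list and the sample messages are constructed for this demonstration.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

# Lure texts quoted in the story, normalised to lowercase letters and spaces.
LURE_PHRASES = ("lol this is me", "lol this is funny",
                "u look funny on here", "lol this you")

# Hosts that legitimately may carry a login form for the brands below (assumption).
LEGIT_HOSTS = {"twitter.com", "www.twitter.com", "bebo.com", "www.bebo.com"}
BRANDS = ("twitter", "bebo")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def normalise(text):
    """Lowercase and strip punctuation so 'Lol. this is me??' and 'lol , this is funny.' compare alike."""
    return re.sub(r"\s+", " ", re.sub(r"[^a-z ]+", " ", text.lower())).strip()


def embedded_urls(url):
    """Return full URLs carried inside the query string of `url` (the ?rid=http://... pattern).
    parse_qs already percent-decodes values; the extra unquote handles double-encoded ones."""
    query = urlparse(url).query
    found = []
    for values in parse_qs(query, keep_blank_values=True).values():
        for value in values:
            value = unquote(value)
            if value.lower().startswith(("http://", "https://")):
                found.append(value)
    return found


def is_lookalike(host):
    """A host that contains a brand name but is not one of the brand's own hosts."""
    host = host.lower()
    if not host or host in LEGIT_HOSTS:
        return False
    return any(brand in host for brand in BRANDS)


def classify_message(text):
    """Return one finding per suspicious link in a message; an empty list means nothing to block."""
    findings = []
    lure = any(phrase in normalise(text) for phrase in LURE_PHRASES)
    for url in URL_RE.findall(text):
        # Hop 0 is the link as posted; later hops are URLs smuggled in its parameters.
        for hop in [url] + embedded_urls(url):
            host = urlparse(hop).hostname or ""
            if is_lookalike(host):
                findings.append({"url": url, "lookalike_host": host,
                                 "via_redirect": hop != url, "lure": lure})
    return findings


if __name__ == "__main__":
    # Constructed sample DMs; the first mirrors the pattern from the story.
    samples = [
        "lol , this is funny. http://example.com/?rid=http://twitter.verify.bzpharma.net/login",
        "ha ha, u look funny on here http://twitter.com/someone/status/1",
    ]
    for msg in samples:
        print(msg, "->", classify_message(msg))
```

A feed filter would drop or quarantine any message with a non-empty result; the `lure` flag lets a site rank hits that combine a known lure text with a look-alike host above a lone odd link.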


81 comments

You can't have twitter without (5, Insightful)

Anonymous Coward | more than 3 years ago | (#31220966)

twits.

Re:You can't have twitter without (1)

mwvdlee (775178) | more than 3 years ago | (#31221442)

They should have just called it "Douchebagger" so at least some of those twits would've prevented themselves from using it.

Re:You can't have twitter without (0)

Anonymous Coward | more than 3 years ago | (#31221852)

More like, you can't have phishing attacks without twits. Twit = someone who uses what they don't know the first thing about and sincerely expects there won't be a problem.

Really, have you SEEN most phishing pages? The fake login pages? I've only ever seen one or two that were remotely convincing, and even then simply checking the domain would have identified the site as illegitimate. I feel no sympathy for anybody who falls for these. This is a form of Darwinism to be blunt.

They couldn't have picked a better target. People who jump on the latest trendy bandwagon are more likely to fall for these silly scams. Like a few years ago in the USA when the worst and most reckless drivers I saw, the ones who are willing to endanger other motorists because they can't be bothered to give a damn about basic things like paying attention. These drivers all had one thing in common: they overwhelmingly drove SUVs. That isn't because SUVs are so difficult to drive under good road conditions. No. It's not because SUVs inherently force the driver to not pay attention either. It's because relatively few people had SUVs until they became extremely trendy several years ago. Is anybody REALLY surprised that people who make major purchasing decisions based on trends are not the brightest among us, and that encountering an environment that has low tolerance for stupidity, like moving vehicles, makes this undeniably apparent? Same thing with Twitter and why it was targeted. Lots of sites have many users. Twitter has many users who follow trends.

Re:You can't have twitter without (0)

Anonymous Coward | more than 3 years ago | (#31222788)

I think you meant "twats"...

No need to thank me.

Re:You can't have twitter without (1)

Dan541 (1032000) | more than 4 years ago | (#31224390)

Re:You can't have twitter without (0)

Anonymous Coward | more than 4 years ago | (#31225768)

That's hilarious thanks for sharing.

Thanks for the warning (0)

Anonymous Coward | more than 3 years ago | (#31220984)

I could never have figured out their clever stratagem without you.

we need to stop coddling stupidity. (3, Insightful)

Anonymous Coward | more than 3 years ago | (#31221010)

Seriously, anyone with more than a few functional neurons is not going to type their password into a page they reached by clicking on a link from "LOL this is funny!".

We need to let people like that sink or swim. People end up being as stupid as we let them be. If we expect complete idiocy, we will *get* complete idiocy, and that harms the experience for the rest of us.

I say let these people experience the consequences of their own actions.

Re:we need to stop coddling stupidity. (5, Insightful)

InterruptDescriptorT (531083) | more than 3 years ago | (#31221140)

I don't necessarily disagree with you when you say 'We need to let people like that sink or swim', but in this world of tightly connected social networks where friendship among individuals governs their level of access to your details, I'm not so sure about that. You're only as secure as your weakest link. If one of your less technologically-savvy friends on Facebook happens to fall for this scheme and gives up his login information to the attackers, then your information is exposed to them, and you're put at risk. This is why while I sympathize with your point, I still think it's incredibly important that phishing attacks like this be cracked down upon as quickly as possible to prevent exactly that sort of thing from happening.

Re:we need to stop coddling stupidity. (1, Funny)

Anonymous Coward | more than 3 years ago | (#31221206)

You're under the mistaken impression that any of us here on Slashdot have friends. My social network of one person, myself, is quite large enough, thank you.

Re:we need to stop coddling stupidity. (0)

Anonymous Coward | more than 3 years ago | (#31222994)

Maybe you should put down the fork and start working out, fatty.

Re:we need to stop coddling stupidity. (0)

Anonymous Coward | more than 3 years ago | (#31223442)

Fork you.

Re:we need to stop coddling stupidity. (0, Redundant)

biryokumaru (822262) | more than 3 years ago | (#31221216)

If one of your less technologically-savvy friends on Facebook happens to fall for this scheme

Ha, your logic is flawed. No one here has friends!

Re:we need to stop coddling stupidity. (5, Insightful)

asdf7890 (1518587) | more than 3 years ago | (#31221362)

It isn't that your information is exposed if a friend's account is broken into (if you have stuff on Facebook or similar that you would care about being made public, then you are doing it wrong), it is the fact that a compromised account means the fraudster has eaten their way at least one level into your trust network. This means you have to think that little bit harder about your day-to-day link clicking (assuming some of your contacts are like some of mine and their dribblings are not always easy to distinguish from spam/phishing).

The real problem is more dangerous phishing - that which attempts to gain access to bank details or attempts to convince the user to let some local code install. There is no way we'll ever completely stamp that out, just as there is no practical way of completely stamping out burglary. The only thing we can do is to try to educate the general public (spit) to be a little (or in many cases a lot) less naive. This is unfortunately much easier said than done - some people seem incapable of maintaining a healthy level of cynicism when promised free smilies/cheats/porn or just "lols".

Every now and then I consider starting a small spam/phish campaign that collects data, throws it all away, and gives the user a "why the hell were you stupid enough to do that?!?!" message. Perhaps distributing it as an app that collects Facebook account details and uses them to post a message stating "is stupid enough to give their password to a third party website" before deleting them. The second most significant reason I don't do this (the first being I'm too lazy to bother) is that the idiots caught and made to look daft would see me as the enemy and not learn anything more generally useful (like "if one anonymous site promising free shit can't be trusted with my password/creditcard/wife then maybe others can't either") from the exercise. Maybe banks could do it with their own customer base though - send out a fake phish and lock the accounts of people that fall for it until such time as they phone up and promise to be more careful in future.

Re:we need to stop coddling stupidity. (2, Insightful)

nedlohs (1335013) | more than 3 years ago | (#31221466)

If you put your information on facebook then it's already "exposed" to everyone. You'd have to be even dumber than someone who would fall for such a fake login link to think otherwise.

Re:we need to stop coddling stupidity. (1)

L4t3r4lu5 (1216702) | more than 4 years ago | (#31228082)

Indeed. I have a facebook account. It has my full name (quite unique), my date of birth, and a rough geographical location. It's one of the few instances which appears when I search for my full name (only one page on google). It basically states in a field viewable to anyone that it's my account, this is my only account, and no others accounts which report to be mine are genuine.

I've never used it. It's there so nobody can impersonate me on facebook (a big issue, considering the whole online bullying / suicide case a while ago).

Re:we need to stop coddling stupidity. (0)

Anonymous Coward | more than 4 years ago | (#31224464)

Then you know what you also do? You also make sure nobody that stupid is your friend.

Example, for 20 years, I have followed the policy of banning anybody who forwards anything (ANYTHING EVER FOR ANY REASON) from my email inbox. As a result, I'm never on the list for those email viruses that go around. In addition, I don't have to delete 50 "LOL U GOT C DIS HYUK HYUK WTF?" from my "friends" every day either.

In short, don't lie with dogs and you won't get fleas.

Re:we need to stop coddling stupidity. (1)

Serious Callers Only (1022605) | more than 4 years ago | (#31226992)

I don't necessarily disagree with you when you say 'We need to let people like that sink or swim', but in this world of tightly connected social networks where friendship among individuals governs their level of access to your details, I'm not so sure about that. You're only as secure as your weakest link. If one of your less technologically-savvy friends on Facebook happens to fall for this scheme and gives up his login information to the attackers, then your information is exposed to them, and you're put at risk.

Let this be a lesson that content put on a public network is never private. If you have stuff on Facebook you think is private, you should remove it right now, because Facebook has one of the worst track records for security and privacy breaches, and a demonstrable lack of concern for the privacy of your personal data (e.g. the Beacon fiasco).

What is incredibly important here is for people to realise that sites like Facebook *will never be truly private* and your value to them is precisely in the amount of information on yourself you're willing to give up (which it turns out is quite a lot), in return for a free service connecting you with your friends in a supposedly private manner.

Personally, I treat content I put on the internet (for all values of internet) as public, and don't put anything up I wouldn't be happy for the world to see, unless I have personally overseen the security measures used and am happy with them (and even then it's risky). You are always one exploit away from revealing all the information on Facebook etc. Walled garden sites like Facebook give a false sense of security to some people, and this sort of simple phishing should be a wake-up call that online accounts can and will be compromised frequently and should not contain lots of private info that you would not want public.

Re:we need to stop coddling stupidity. (0)

Anonymous Coward | more than 4 years ago | (#31227146)

Well if you are stupid enough to join a social networking site and want your "Tiger Woods" out in the open, then I say it is your own fault.

Is it just me or are most of these people who join such sites slightly insecure or are they just giving into peer pressure to join. Look there is a door, there is a world out there with plenty of people. Go out with your friends in the real world and meet new friends instead of this fake friendship circle bullcrap online.

Re:we need to stop coddling stupidity. (4, Funny)

ObsessiveMathsFreak (773371) | more than 3 years ago | (#31221630)

We need to let people like that sink or swim.

You must remember that when they sink, their bodies sink to the deep to feed the legions of bottom feeders, which in turn grow to monstrous size. Eventually, we get dread 100,000 strong botnet krakens which rise to the surface and drag sites under with all hands lost.

In light of this, I prefer giving these users swim bands as a preventative measure.

Re:we need to stop coddling stupidity. (1)

TheRaven64 (641858) | more than 4 years ago | (#31223804)

Can we not just strap depth charges to them as they go down? We could call it 'being proactive' which sounds a lot more marketable than 'schadenfreude'.

Re:we need to stop coddling stupidity. (0)

Anonymous Coward | more than 3 years ago | (#31221888)

You need to get out more, most common people would fall for this. In fact, aside from my geeky friends, I couldn't name many people who *wouldn't* fall for it. It's obvious to you or me, but would go right over the majority's heads.

Re:we need to stop coddling stupidity. (1)

Mr Z (6791) | more than 3 years ago | (#31222076)

When you figure out how to get a botnet to only DDoS itself and not clog our inboxes with spam, let me know. Otherwise, legions of morons getting their machines conscripted into zombie hordes of spam-churning, site crashing drones is everybody's problem.

lol , this is funny. (-1, Redundant)

hkz (1266066) | more than 3 years ago | (#31221012)

lol , this is funny.

Re:lol , this is funny. (0)

Anonymous Coward | more than 3 years ago | (#31221554)

Huh, where's the link? I need to log in.

Interestingly... (4, Interesting)

DavidR1991 (1047748) | more than 3 years ago | (#31221018)

...I just deliberately sought out this thing so I could see what it looked like - and amazingly, whatever it does, it manages to somehow hide the "Suspected phishing site" page in Google Chrome: it briefly appears but then the page seems to reload automatically and the warning disappears.

So not only is this a pretty sophisticated clone of Twitter's login, they've somehow managed to force their way past the attack warning too. Any ideas how they've done that?

Re:Interestingly... (0)

Anonymous Coward | more than 3 years ago | (#31221068)

Quick redirect.

Re:Interestingly... (0)

Anonymous Coward | more than 3 years ago | (#31221270)

But why does Chrome even load the page to let it redirect? Seems like a huge oversight...

Re:Interestingly... (0)

Anonymous Coward | more than 3 years ago | (#31221504)

...I just deliberately sought out this thing so I could see what it looked like - and amazingly, whatever it does, it manages to somehow hide the "Suspected phishing site" page in Google Chrome: it briefly appears but then the page seems to reload automatically and the warning disappears.

So not only is this a pretty sophisticated clone of Twitter's login, they've somehow managed to force their way past the attack warning too. Any ideas how they've done that?

I am surprised this did not make a headline. "Chrome didn't catch it", but that's ok... it's not IE so we won't slam it.

Ahhh, if you are using Chrome, Google already has all of your habits and information anyway, what does this matter?

Just another reason NOT to use any social networks... it's a fad, it will go away, just like the internets.

Re:Interestingly... (2, Interesting)

CubeDude213 (678340) | more than 3 years ago | (#31221512)

I did the same thing when I got a direct message with it but Safari managed to warn me. I believe Safari uses Google’s database of phishing sites so it looks like a bug in Chrome.

Re:Interestingly... (1, Informative)

Anonymous Coward | more than 3 years ago | (#31221572)

Came up with the protection without issue here on 5.0.317.2 dev, might just be the older versions that are affected?

Re:Interestingly... (0)

Anonymous Coward | more than 3 years ago | (#31221938)

Probably. It redirected for me in Chrome 4.0.249.43 for Linux

Re:Interestingly... (0)

Anonymous Coward | more than 3 years ago | (#31222130)

Just tried upgrading; it happens in Chrome 5.0.307.9 beta for Linux too.

OpenDNS (1)

alexanderpas (1532219) | more than 3 years ago | (#31222578)

I've added that specific page and domain to PhishTank, causing the warning page to appear in the first place. ( http://www.phishtank.com/user.php?username=alexanderpas [phishtank.com] ) Probably they used some kind of exploit to bypass the attack warning. The best way is not to rely only on your browser for protection, but to take a multilayered approach, for example using OpenDNS, ensuring the request doesn't even get resolved by the DNS system.

Re:OpenDNS (1)

moonbender (547943) | more than 3 years ago | (#31222818)

That same OpenDNS anti phishing crap prevented me from going to a very prominent and perfectly innocuous German-language cooking website a couple of days ago. Pissed me off to no end because even after replacing the OpenDNS servers, I still got redirected because of some caching or other shenanigans. After some fiddling and restarting things it started working, though. And with DNS redirecting, it's not a matter of hitting a "Yes I'm sure" button, you can't get to the site full stop.

Thanks but no thanks, I'll rely on other methods -- primarily not being an idiot -- to avoid phishing. The affected site was chefkoch.de, if anyone cares, and I did submit it as a false positive, so maybe it's fixed now.

Re:Interestingly... (1)

TheRaven64 (641858) | more than 4 years ago | (#31223812)

That's okay. If you use Chrome, Google already has your passwords, and changed them last week to prevent you from giving it out to phishing sites.

Where the sheeple graze (1)

future assassin (639396) | more than 3 years ago | (#31221084)

wolves come out in force.

Re:Where the sheeple graze (3, Insightful)

biryokumaru (822262) | more than 3 years ago | (#31221110)

wolves

Shouldn't that be "wovles?" It would make more sense for "wovles" to prey on "sheeple."

Re:Where the sheeple graze (0)

Anonymous Coward | more than 3 years ago | (#31221208)

Are you saying that wolves prey on sheelpe? 'cause man, have I got some news for you...

Re:Where the sheeple graze (1)

tehcyder (746570) | more than 4 years ago | (#31228272)

Anyone who uses the word "sheeple" is unlikely to have the brains to make up a word of their own.

Re:Where the sheeple graze (1)

Anonymous Coward | more than 3 years ago | (#31221272)

Yeah! Stupid sheeple - all follow trends mindlessly like the Apple and Linux fanboys.

Or the FLOSS sheep! Yeah, I'm gonna work my ass off and GIVE away all my hard labor! Hey, how come no one notices and makes ME rich?!?

Sheeple, I tell ya.

lolwut (0)

Anonymous Coward | more than 3 years ago | (#31221350)

Twitter phishing warnings on Slashdot? That's a new low.

MSN (1)

dandart (1274360) | more than 3 years ago | (#31221482)

I swear that my MSN messenger has messages "from my friends" saying "haha this you? -link to dodgy site-". Of course I've never clicked on one. In fact I talked about security to a "hey wanna see my webcam?" bot once.

Re:MSN (0)

Anonymous Coward | more than 3 years ago | (#31221562)

And what did the bot say?

Re:MSN (2, Funny)

Anonymous Coward | more than 3 years ago | (#31222482)

I asked her what color her panties were and she said "j00z did 9/11!"

Weirdest sex chat I've ever had that didn't involve a robe and wizard hat.

what problem? (0)

Anonymous Coward | more than 3 years ago | (#31221534)

This malicious domain doesn't bother me (I use DNS Redirector to block it and thousands others)

The best solution is to just not use any of this "social networking" crap and go make friends in the real world... and no, I'm not 60 and don't understand it, I'm 24 and smart enough to know it's hype and stupidity.

Re:what problem? (1)

tehcyder (746570) | more than 4 years ago | (#31228458)

The best solution is to just not use any of this "social networking" crap and go make friends in the real world

And the best way to avoid computer viruses is not to use a computer.

And how exactly does that steal your password? (1)

Snaller (147050) | more than 3 years ago | (#31221866)

Eh?

Re:And how exactly does that steal your password? (1, Interesting)

Anonymous Coward | more than 3 years ago | (#31222118)

Well, you're tricked into thinking you're actually logging on to the real Twitter, so when you log in you GIVE them your password, so it's not really like they are stealing it, just receiving it.

Re:And how exactly does that steal your password? (1)

uvajed_ekil (914487) | more than 3 years ago | (#31222448)

Well, you're tricked into thinking you're actually logging on to the real Twitter, so when you log in you GIVE them your password, so it's not really like they are stealing it, just receiving it.

I think if you commit a crime (copyright fraud counts) and use deception in an attempt to obtain something you should not have and do not have a right to have (someone else's login info), and can not use, that is stealing. If you leave a laptop out in public with a text editor open, and someone types in their password for no reason, you are merely receiving it, and they should be bitch-smacked. This misuse of networks is stealing. The vast majority of slashdotters probably wouldn't fall for it, but most people are not techies or especially suspicious by nature.

Pretty simple solution... (2, Insightful)

EWAdams (953502) | more than 3 years ago | (#31223038)

... ignore Twitter. That can't be hard, can it? How many hundreds of thousands of years did the human race do without it? And what has it contributed? The prosecution rests.

Re:Pretty simple solution... (1, Funny)

Anonymous Coward | more than 4 years ago | (#31223776)

Enjoy your nap.

Re:Pretty simple solution... (1)

The Good Reverend (84440) | more than 4 years ago | (#31226612)

I remember people saying that about the internet, yet here you are, being an old man on it.

Re:Pretty simple solution... (0)

Anonymous Coward | more than 4 years ago | (#31227172)

hahaha you would say that haha fuckin tweetard

Rubbish! (1)

EWAdams (953502) | more than 4 years ago | (#31227932)

The contribution of the Internet is indisputable. Even when it was the ARPANET its value was trivially obvious.

Twitter, on the other hand, is just trivial. And if it is now a source of germs as well, forget it.

Re:Pretty simple solution... (0)

Anonymous Coward | more than 4 years ago | (#31227240)

So far the only really useful thing that I've found with Twitter is that you can properly bad-mouth a company and actually get real customer support by doing it.

Otherwise, twitter doesn't provide me with anything...

What about URL shortening services? (3, Interesting)

HockeyPuck (141947) | more than 4 years ago | (#31225046)

I've always wondered why we don't see more phishing attacks with URL shortening services. Why not just tweet "Hey check out the pictures of my latest vacation at my picasaweb [tinyurl.com] page"? I don't think forcing users to install yet another plugin which checks out the tinyurl link as there's more than enough companies that do shorten URLs to make this plugin be yet another one which has to have to phone home to get updates...

Global block? (1)

Emperor Tiberius (673354) | more than 4 years ago | (#31226896)

I guess I have a hard time understanding why these things are so hard to block (globally). Doesn't Twitter maintain some sort of global regex cookbook of spam-laden crap?

Click here, this is really important (0, Offtopic)

FreakyGreenLeaky (1536953) | more than 4 years ago | (#31227100)

With Due Respect and Humanity, I was compelled to write to you under a humanitarian ground.. My name is Mrs. Jessica Meyer. I was born in Baltimore , Maryland ,I am married to Mr. Timothy Meyer director J.C Industries Cote d'Ivoire.We were married for 36 years without a child. He died after a Cadiac Arteries Operation.

And Recently, My Doctor told me that I would not last for the next six months due to my cancer problem (cancer of the lever and stroke). Before my husband died last year there is this sum $2.8 Million Dollars that he deposited in a bank here In Ivory Coast.Presently this money is still in the bank. Having known my condition I decided to donate this fund to any good God fearing brother or sister that will utilize this fund the way I am going to instruct herein. I want somebody that will use this fund according to the desire of my late.

Husband to help less privileged people, orphanages, widows and propagating the word of God. I took this decision because I don't have any child that will inherit this fund, And I don't want in away where this money will be used in an ungodly way. This is why I am taking this decision to hand you over this Fund. I am not afraid of death hence I know where I am going. I want you to always remember me in your daily prayers because of my up coming Cancer Surgery.

Write back as soon as possible any delay in your reply will give me room in sourcing another person for this same purpose, hoping to read from you ASAP.
God bless you as you listing to the voice of reasoning,

Oh come on... (1)

DaVince21 (1342819) | more than 4 years ago | (#31229244)

Only idiots are going to click links containing "pharma" in the title and then enter their password on the resulting page when they know they're already logged in.

I guess that means plenty of victims on Twitter.

Welcome to THE FUTURE! (1, Funny)

Anonymous Coward | more than 4 years ago | (#31229860)

Twitter and Facebook are the AOL of the 21st century.
