Many Twitter users still haven't got over this weekend's BZPharma LOL phishing attack, and now a new campaign is being spammed out from compromised accounts directing users to a site selling herbal viagra to improve sexual performance.

A typical spam message reads:
Get bigger and have sex longer. go here http://example.com/?rid=http://callbling.com
where 'example.com' can vary.
Clicking on the link redirects users to a website called callbling.com. It doesn't take a rocket scientist to work out what they're trying to sell to you.
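Because the front host varies while the destination stays the same, messages of this shape are easier to track by the URL carried in the query string than by the visible domain. The following is an added example, not code from the original post: it pulls links out of message text and groups them by the embedded destination host. The sample messages are constructed, example.org and example.net are placeholder hosts, and the function names are this example's own.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


def embedded_targets(url):
    """Return (front_host, param, target_host) for each query parameter
    whose value is itself an absolute http(s) URL on a different host."""
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed URL, nothing to report
        return []
    front = (parts.hostname or "").lower()
    hits = []
    # parse_qsl percent-decodes values, so rid=http%3A%2F%2F... is caught too
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        try:
            inner = urlsplit(value.strip())
        except ValueError:
            continue
        target = (inner.hostname or "").lower()
        if inner.scheme.lower() in ("http", "https") and target and target != front:
            hits.append((front, name, target))
    return hits


def cluster_by_destination(messages):
    """Map each embedded destination host to the set of front hosts seen."""
    clusters = defaultdict(set)
    for text in messages:
        for url in URL_RE.findall(text):
            # drop punctuation that trails a link in running text
            for front, _param, target in embedded_targets(url.rstrip(".,)'\"")):
                clusters[target].add(front)
    return dict(clusters)


# Constructed sample messages; the front hosts are placeholders.
SAMPLES = [
    "Get bigger and have sex longer. go here http://example.com/?rid=http://callbling.com",
    "Get bigger and have sex longer. go here http://example.org/?rid=http%3A%2F%2Fcallbling.com",
    "lunch photos http://example.net/album?id=42",
]

if __name__ == "__main__":
    for dest, fronts in cluster_by_destination(SAMPLES).items():
        print(dest, "<-", sorted(fronts))
```

A destination that accumulates many unrelated front hosts in a short period is a stronger signal than any single front domain.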

I'm afraid that the only thing which might get bigger is the spammers' bank accounts.
My suspicion is that the accounts sending out the spam message will include many of the sites that were compromised in the earlier BZPharma LOL phishing attack which has been such a big problem on Twitter over the weekend.
As before, the spam messages aren't just being sent via direct message (DM). They are also appearing on public profiles, possibly because of third party services such as GroupTweet automatically republishing DMs.
If you see any unusual messages being posted from your Twitter account, please please change your password as soon as possible.
Rogueware distributors are like the cockroaches of the Internet; they’re everywhere. Malicious search results, online advertisements, and iframe-hijacked sites are the typical distribution methods, but every once in a while we come across an interesting approach. Recently, a colleague alerted me to a spam message ...

You must be wondering what these three have in common. They all appeared together in a special spam message today, in the latest incarnation of malware masquerading as a Flash Player plug-in.
This message appears very dodgy from the start:
Wow, don't ask me how I get this video, but it's realy cool http://mytinyurl.net/<hidden>
Once the link has been clicked, we are redirected to another page which claims to play a cool video of the Large Hadron Collider.
Of course, since this video is so “cool” and “new”, we don’t seem to have the correct Flash plugin for the movie, so we are asked to update it.
Far from watching the world’s largest particle accelerator in action, we get another boring old piece of malware.
This so-called Flash update is malicious. We detect this malware as Troj/TDSS-BP.
Apparently 917130 people have already been infected .. oops already watched this great video. ;-)



