Twitter 11.6 hours survey scam spreading virally: Sophos

by CXOtoday Staff    Mar 03, 2011

twitter virusIT security and data protection firm Sophos is warning Twitter users to be vigilant following the outbreak of a scam that is spreading links from users’ accounts without their knowledge. The scam which has already caught thousands of Twitter users off guard, dupes users into clicking on links, believing that it will reveal how many hours they have spent on Twitter.

“Scams like this are very commonly encountered on Facebook, but are more rarely seen on Twitter - meaning that many users will be sitting ducks to this type of attack,“ noted Graham Cluley, Sr. technology consultant, Sophos.

The offending links are being circulated on Twitter in messages containing the following text:
“I have spent 11.6 hours on Twitter. How much have you? Find out here: [LINK]“

The firm informed that if users click on the bit.ly link being used in the message, they are taken to a page which attempts to connect a rogue application called ‘Time on Tweeter‘ with the user’s Twitter account. The application instantly tweets a message from the victim’s Twitter feed, claiming that they too have spent 11.6 hours on Twitter, while also directing the victim to a page which presents a revenue-generating survey on behalf of the scammers.

Affected users need to revoke the rogue application’s access to their Twitter account immediately, or it will be able to spew out more links from your Twitter page - which could promote spam sites or link to malicious webpages. Although the company stated that it is in contact with bit.ly about closing down the offending link, it’s possible that the scammers will use other links and other names for their rogue applications.

“So be on your guard, and always think twice before allowing a third-party app to have access to your Twitter account,” advised Cluley.