If You Get a Misspelled Twitter Message From a Friend, Don’t Click On Any Facebook Video Links

The Citizen's Guide to the Future
Sept. 24 2012 5:56 PM

Hackers are spreading malware among friends via direct messages on Twitter, where everyone writes like a spammer anyway.

A few days ago, I got a direct message on Twitter from a friend with whom I hadn’t spoken in a while. “lol ur famous now,” she wrote, and supplied a link.

Will Oremus is Slate's senior technology writer.

Without a thought beyond, “She must have a very loose definition of ‘famous,’” I clicked—and quickly realized something wasn’t right. The link took me to Facebook, where a message popped up telling me I needed to be logged in to access an application. I closed the window without clicking and emailed my friend to let her know that her Twitter account had been hacked.

Apparently, though, plenty of people are going ahead and following instructions, whether out of irresistible curiosity or because they trust links that originate from people they know. Sophos’ Naked Security blog today confirms that this is a malware attack, and that it seems to be spreading.

Variations on the wording include “your in this <link> LoL” and “you even see him taping you <link> that’s awful.” Those who do log in are greeted by a message telling them an update to their YouTube player is needed to view the clip. When they click “install,” Sophos reports, they download a program called “FlashPlayerV10.1.57.108.exe”—a known Trojan with the ability to copy itself onto other machines. From Naked Security:

Quite how users' Twitter accounts became compromised to send the malicious DMs in the first place isn't currently clear, but the attack underlines the importance of not automatically clicking on a link just because it appeared to be sent to you by a trusted friend.

This is far from the first scam to spread via social media. In July reports surfaced of Russian hackers using unsolicited Twitter messages to infect PCs with a nefarious exploit kit. And earlier this year a direct message scam told its targets, “Hey some person is saying horrible things about you.” Nor has Facebook been immune to similar attacks.

Many have pointed out that these types of social-media scams trade on the trust we have in our friends, making them more effective than your standard Nigerian email scam. Of course, your friends’ email accounts can be hacked too. But at least you can generally tell when an email from a friend is written in a voice or style that seems unlike her own.

The beauty of the Twitter direct-message hack is that Twitter’s brevity constraints sometimes force even accomplished writers to construct sentences like “lol ur famous now.” On Twitter, in short, we all write like spammers.

Future Tense is a partnership of Slate, New America, and Arizona State University.
