If You Get a Misspelled Twitter Message From a Friend, Don’t Click On Any Facebook Video Links

The Citizen's Guide to the Future
Sept. 24 2012 5:56 PM

If You Get a Misspelled Twitter Message From a Friend, Don’t Click On Any Facebook Video Links

Twitter_malware_DM
Hackers are spreading malware among friends via direct messages on Twitter, where everyone writes like a spammer anyway.

Screenshot

A few days ago, I got a direct message on Twitter from a friend with whom I hadn’t spoken in a while. “lol ur famous now,” she wrote, and supplied a link.

Will Oremus Will Oremus

Will Oremus is Slate's senior technology writer.

Without a thought beyond, “She must have a very loose definition of ‘famous,’” I clicked—and quickly realized something wasn’t right. The link took me to Facebook, where a message popped up telling me I needed to be logged in to access an application. I closed the window without clicking and emailed my friend to let her know that her Twitter account had been hacked.

Advertisement

Apparently, though, plenty of people are going ahead and following instructions, whether out of irresistible curiosity or because they trust links that originate from people they know. Sophos’ Naked Security blog today confirms that this is a malware attack, and that it seems to be spreading.

Variations on the wording include “your in this <link> LoL” and “you even see him taping you <link> that’s awful.” Those who do log in are greeted by a message telling them an update to their YouTube player is needed to view the clip. When they click “install,” Sophos reports, they download a program called “FlashPlayerV10.1.57.108.exe”—a known Trojan with the ability to copy itself onto other machines. From Naked Security:

Quite how users' Twitter accounts became compromised to send the malicious DMs in the first place isn't currently clear, but the attack underlines the importance of not automatically clicking on a link just because it appeared to be sent to you by a trusted friend.

This is far from the first scam to spread via social media. In July reports surfaced of Russian hackers using unsolicited Twitter messages to infect PCs with a nefarious exploit kit. And earlier this year a direct message scam told its targets, “Hey some person is saying horrible things about you.” Nor has Facebook been immune to similar attacks.

Many have pointed out that these types of social-media scams trade on the trust we have in our friends, making them more effective than your standard Nigerian email scam. Of course, your friends’ email accounts can be hacked too. But at least you can generally tell when an email from a friend is written in a voice or style that seems unlike her own.

The beauty of the Twitter direct-message hack is that Twitter’s brevity constraints sometimes force even accomplished writers to construct sentences like “lol ur famous now.” On Twitter, in short, we all write like spammers.

Future Tense is a partnership of SlateNew America, and Arizona State University.

TODAY IN SLATE

History

Slate Plus Early Read: The Self-Made Man

The story of America’s most pliable, pernicious, irrepressible myth.

Rehtaeh Parsons Was the Most Famous Victim in Canada. Now, Journalists Can’t Even Say Her Name.

Mitt Romney May Be Weighing a 2016 Run. That Would Be a Big Mistake.

Amazing Photos From Hong Kong’s Umbrella Revolution

Transparent Is the Fall’s Only Great New Show

The XX Factor

Rehtaeh Parsons Was the Most Famous Victim in Canada

Now, journalists can't even say her name.

Doublex

Lena Dunham, the Book

More shtick than honesty in Not That Kind of Girl.

What a Juicy New Book About Diane Sawyer and Katie Couric Fails to Tell Us About the TV News Business

Does Your Child Have Sluggish Cognitive Tempo? Or Is That Just a Disorder Made Up to Scare You?

  News & Politics
Damned Spot
Sept. 30 2014 9:00 AM Now Stare. Don’t Stop. The perfect political wife’s loving gaze in campaign ads.
  Business
Moneybox
Sept. 29 2014 7:01 PM We May Never Know If Larry Ellison Flew a Fighter Jet Under the Golden Gate Bridge
  Life
Quora
Sept. 30 2014 9:32 AM Why Are Mint Condition Comic Books So Expensive?
  Double X
Doublex
Sept. 29 2014 11:43 PM Lena Dunham, the Book More shtick than honesty in Not That Kind of Girl.
  Slate Plus
Slate Fare
Sept. 29 2014 8:45 AM Slate Isn’t Too Liberal. But… What readers said about the magazine’s bias and balance.
  Arts
Brow Beat
Sept. 29 2014 9:06 PM Paul Thomas Anderson’s Inherent Vice Looks Like a Comic Masterpiece
  Technology
Future Tense
Sept. 30 2014 7:36 AM Almost Humane What sci-fi can teach us about our treatment of prisoners of war.
  Health & Science
Bad Astronomy
Sept. 30 2014 7:30 AM What Lurks Beneath The Methane Lakes of Titan?
  Sports
Sports Nut
Sept. 28 2014 8:30 PM NFL Players Die Young. Or Maybe They Live Long Lives. Why it’s so hard to pin down the effects of football on players’ lives.