Monday, October 18, 2010

Fake Twitter homepage kit serves up naked ladies and infection files

You might be wondering why the front page of Twitter has a big “Edit” line running through it in the screenshot below:

fake twitter

The answer, of course, is that this is not the real Twitter page at all. It’s part of an increasingly popular kit used for shenanigans:

twitter download

The scammer downloads the zip, edits the links in the .htm file and places something likely to catch the attention of an end-user underneath the “Edit” line. The fact that the fake content is sitting directly underneath the “New Twitter” promotional text is not a coincidence.

Fake content ahoy

“Hey look, semi-naked ladies are part of the new Twitter experience! Yay! Oh wait, I have to run some sort of Sun Java update...and now my computer is sending Viagra spam to my mother.”

Top tip: if you happen to see semi-naked ladies posing under the yellow “Sign up” button on the Twitter homepage, you’re on a scam site. If the Twitter homepage starts popping boxes asking you to install Java security updates, or grab Adobe Flash executables, or files with “pwned” in the title – you’re on a scam site.

The “new Twitter experience” may be full of shiny, blinky things but infection files aren’t supposed to be part of the deal. On the bright side, all the fake pages we’ve seen so far make no attempt to disguise the fact they’re sitting on free hosting services. This obviously means that they don’t look a bit like the genuine Twitter.com URL. I’m sure it won’t stay like that forever though, so be wary of potential typosquatting because this technique combined with an “almost but not quite” domain name could reel in quite a few victims...

Christopher Boyd
