There is a lot of malware spam on twitter at the moment. I’m getting between 100-500 Direct Messages (DMs) a day from compromised accounts. They say things like:
“i made $426.23 online today with”
“I make money online with google. i learned how here”
“this you here”
“hey can you do me a favor? take this iq test. here”
“hey. can you take this quiz thingy? here”
“wow. i didn’t know my iq score until now. i got it here”
“can you do this quiz for me?? go here”
“hi there. this place has the best ringtones. i just got some.. go here:”
“hey, i got free ringtones from here…”
“get some ringtones for me here;”
“hi! i just got a bunch of ringtones from here:”
“omg! i took this quiz my score is higher than yours!! check here”
“Let’s find out if your IQ is higher. Here”
“OMG I can’t believe I found you”
“Hey, this you?”
“Hah. this you?”
“you look funny on here”
“i can’t stop laughing at this..”
“this was funny”
“rofl this you???”
“LOL, omg this you?”
“hahah you should see this”
“You’re on here…”
“this gotta be you in this picture ?”
“Make money from home you’re guaranteed $3,000-$8,000 a month”
“wow this really works! i found out who stalks me”
“Someone said this real bad thing about you in a blog”
“You really had the nerve to say this about me?”
“You need to read this, really bad stuff being said about you”
“check out this embarrassing photo of you.”
“I saw a real bad blog about you, you seen this?”
“Automated DM, You are tweeting too much! click here to avoid account suspension!”
“lol…I’m laughing so hard at this pic of u my friend posted”
“Hi somebody is saying horrible things about you…”
“lol…omg i am laughing so hard at this pic of me someone found”
“did you see this crazy tweet about you?”
“Are you satisfied with a 9-5 job?”
“Is your boss pushing you over the limit?”
“Do you think it’s time to quit your job?”
“i wish i thought of doing this sooner working within an hour with no degree…”
“#part3.txt totally reminded me of you when i looked at this”
“you might want to view this this mom is live on CNBC i thought of you when i saw this”
Or tweets that say:
“New App., it shows me who ‘stalks’ my twitter!”
“A Real Diet, that Really Works!”
“lmao…omg i am laughing so hard at this pic of me my friend found”
“ROFLMAO i can’t stop laughing at this pic of you”
“haha the look on your face in this pix is priceless!”
“I saw this really nasty tweet about you this user must not like you”
“I’ve reported your account, want to know why? click here”
“Someone is posting a pic of you all over twitter ;( link2pic here”
“did you see this photo of you yet??”
“this pic of you has me laughing hard”
… all with links at the end. I just copy/pasted some of the ones I received and updated the list over time.
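If you run a script of your own over incoming DMs, the lure phrases above are enough to triage them automatically: a message that both matches one of the lures and carries a link is almost certainly one of these. The Python below is an added example written for this page, not code from the original post or anything Twitter provides; the regex list is distilled from the messages quoted above, and the sample DMs are made up for the demonstration (their links point at example.com, a reserved name).

```python
import re

# Lure phrases distilled from the DMs quoted on this page, reduced to loose
# regexes. This is an illustration, not an exhaustive catalogue of the spam.
LURE_PATTERNS = {
    "this-you":   r"\b(this|that)\b.{0,12}\byou\b|\byou\b.{0,20}\b(pic|picture|pix|photo)\b",
    "quiz":       r"\b(iq|quiz)\b",
    "ringtones":  r"\bringtones?\b",
    "money":      r"\b(make|made)\b.{0,10}\bmoney\b|\$\d",
    "rumour":     r"\b(bad|horrible|nasty|embarrassing)\b.{0,30}\b(about|of)\b.{0,6}\b(you|u)\b",
    "stalkers":   r"\bstalks?\b",
    "suspension": r"\bsuspension\b|\breported your account\b",
    "job":        r"\b(9-5|boss|quit your job)\b",
}
COMPILED = {name: re.compile(p, re.I) for name, p in LURE_PATTERNS.items()}

# Links as they appear in DMs: full http(s) URLs, www. hosts, or bare
# "host.tld/path" shorteners such as the bello.ws/18 style used on this page.
URL_RE = re.compile(r"\b(?:https?://|www\.)\S+|\b[a-z0-9.-]+\.[a-z]{2,}/\S*", re.I)

def classify_dm(text):
    """Return (verdict, matched_lures) for one DM.

    'suspicious' needs BOTH a lure phrase and a link, because the lure
    regexes are deliberately loose ("that you" matches ordinary chat) and a
    link on its own is what friends send each other all day."""
    urls = URL_RE.findall(text)
    lures = [name for name, rx in COMPILED.items() if rx.search(text)]
    if urls and lures:
        return "suspicious", lures
    if urls:
        return "link-only", lures
    if lures:
        return "lure-only", lures
    return "clean", lures

def triage(dms):
    """Classify a batch of DMs; returns a list of (verdict, text) pairs."""
    return [(classify_dm(dm)[0], dm) for dm in dms]

# Constructed sample DMs modelled on the messages quoted above (not real data).
SAMPLE_DMS = [
    "rofl this you??? http://example.com/pic",
    "hey can you do me a favor? take this iq test. here http://example.net/iq",
    "Someone said this real bad thing about you in a blog http://example.org/blog",
    "Automated DM, You are tweeting too much! click here to avoid account suspension! http://example.com/login",
    "Make money from home you're guaranteed $3,000-$8,000 a month http://example.com/cash",
    "Hey, are you coming to the meetup on Friday? Agenda: http://example.com/meetup",
    "thanks for the follow!",
    "this you?",
]

if __name__ == "__main__":
    for verdict, dm in triage(SAMPLE_DMS):
        print(f"{verdict:11} {dm}")
```

The meetup message shows why the link alone is not a verdict: it is flagged "link-only" and left alone, while the five messages built from the lures above come out "suspicious". Tune the patterns to the spam you actually receive; the list here will go stale as the spammers rotate their wording.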
DON’T CLICK THE LINK
Even if it’s from one of your close friends. I deliberately infected a test account so I could bring you the most accurate information. The link takes you to a page that looks identical to Twitter’s home page, login form included. But if you look at the URL in the address bar, the site is not twitter.com: it is a copy of Twitter’s page hosted on some other domain.
When you log in on that page, you’ll be redirected to the real Twitter and not notice anything has happened, apart from maybe a little message saying you’re already signed in. In the meantime, the username and password you typed have gone straight to the spammer’s database. A couple of times a day, whoever owns that list uses your login details to send infected Direct Messages to all your followers and infected tweets, some as @replies. I presume this is how that part works, based on my observation that the infected tweets come in waves, rather than all the time.
In the simplest terms – typing your Twitter password into the fake page hands it to the spammer, who then uses your account to send the same spam to your followers. Nothing needs to be installed on your computer for this to work; it is a phishing page rather than a virus, which is why changing your password is the fix.
If you’ve been hacked: Resetting your Twitter password should be enough to fix it. Go right now to –> https://twitter.com/account/password <– and change your password. If you don’t trust that link (hey, you just got hacked, so I can understand you being suspicious of anything right now!), the other way is to go to Twitter, hover over your name in the top bar, click Settings, then click the Password tab and change your password.
If your account is still sending spam after that, change the password again, then go to your Browser Settings, clear your cache and delete your saved passwords (your browser may have saved the one you typed on the fake page; reader tip – thanks @Pepperfire). Also, go to your list of connections –> https://twitter.com/account/connections <– and click “revoke access” next to any application you don’t remember allowing. An authorised application can post on your behalf without knowing your password, so changing the password does not shut it out; you have to revoke it separately.
You should be fine after that.
If you don’t do anything, Twitter will change your password on you and send you an email asking you to choose a new one.
Twitter also seems to delete all the infected DMs when they reset your password, so that’ll save you a bunch of time.
If you receive a malware DM like the ones listed above: remember they are also a victim, so blocking them won’t solve much. It’s better to send the person the following message:
I received a virus DM from you. Changing your twitter password & revoking access to bad apps may fix it. More info: http://bello.ws/18
You can just copy and paste that – it’s designed to be the right size for a twitter DM. The link will take them to this page, so they can go through the “unhacking” procedure above.
Remember: the malware comes from hacked accounts. The people generally have no idea their account has been compromised. They aren’t sending the malware; someone else is controlling that. Unless they go to their sent messages –> https://twitter.com/sent <– they wouldn’t know they’ve been hacked.
Be Gentle With Them
It’s not their fault (apart from clicking on a link in a message they may have received from a friend).
Prevention: It’s as simple as this: whenever you sign in to your Twitter account, ALWAYS check the address bar before you type your password. The URL must start with https://twitter.com/ (or http://twitter.com/), and the part immediately after the // must be exactly twitter.com followed by a slash. Starting with those letters is not enough on its own: a fake page can sit at an address like twitter.com.example.net or twitter-login.net and pass a careless glance. A phishing page can copy Twitter’s look perfectly; what it cannot do is put twitter.com in your address bar.
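To make the address-bar check concrete, here is the same rule written as a small Python function, alongside the naive “does it start with http://twitter.com” test, so you can see where the naive test fails. This is an added example for this page, not code from the original post or from Twitter; it assumes twitter.com and its subdomains (such as www.twitter.com) are the only hosts you trust with your password, and it is stricter than the text above in that it also insists on https.

```python
from urllib.parse import urlsplit

# Assumption for this example: only twitter.com and its subdomains are trusted.
GENUINE_HOST = "twitter.com"

def naive_check(url):
    """The check as it is often phrased: does the address START WITH twitter.com?
    Kept here only to show what it misses."""
    return url.startswith(("http://twitter.com", "https://twitter.com"))

def is_genuine_login_url(url):
    """True only when the host is twitter.com (or a subdomain of it) and the
    page is served over https. urlsplit() gives us the real host, so
    'https://twitter.com.example/' and 'https://twitter.com@phish.example/'
    are both rejected: their hosts are twitter.com.example and phish.example."""
    try:
        parts = urlsplit(url)
    except ValueError:          # malformed URL, e.g. a broken IPv6 literal
        return False
    if parts.scheme != "https":  # never type a password into a plain-http page
        return False
    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    return host == GENUINE_HOST or host.endswith("." + GENUINE_HOST)

def review(urls):
    """Compare both checks over a list of addresses; returns
    [(url, naive_verdict, strict_verdict), ...]."""
    return [(u, naive_check(u), is_genuine_login_url(u)) for u in urls]

# Constructed addresses for the demonstration; the look-alike hosts are made up.
CANDIDATES = [
    "https://twitter.com/login",
    "https://www.twitter.com/login",
    "http://twitter.com/login",
    "https://twitter.com.example/login",
    "https://twitter.com@phish.example/login",
    "https://twltter.com/login",
]

if __name__ == "__main__":
    for url, naive, strict in review(CANDIDATES):
        print(f"naive={naive!s:5} strict={strict!s:5} {url}")
```

The fourth address is the interesting one: it passes the naive prefix test and fails the real one, because its host is twitter.com.example. The fifth uses the user@host form of a URL to put “twitter.com” in front of the real host; browsers show the real host, but a quick glance at the start of the address does not.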
Please pass this message around. The more people know about this, the quicker we can stop this mess.
Click here to automatically fill a tweet. You can edit it in twitter, or just hit send to tweet it to your followers.
Archie Goodwin says
>>Your account has been hacked and is sending spam to your followers. Learn how to fix it here: http://bello.ws/18
Only problem is that warning and link itself–though sent with good intentions–might seem to be to the innocent recipient as a malicious message to fool them into clicking a link. Is there a way of wording it so it doesn’t seem like another attempt to get their info?
Mike Haydon says
Thanks Archie. I see your point. How about:
I just received a virus DM from you. Changing your twitter password & revoking access to bad apps may fix it. More info: http://bello.ws/18
I’ve edited the suggested response in the main article to this.
If you (or anyone else reading this) have a better idea, please respond here.
PJ says
Another way not to get Twitter DM spam is to not auto follow every single whootanny follower you get. But hey, numbers mean everything, right!? What’s a Trojan Horse between you and EPIC Twitser Famez!
Pepperfire says
Also, go to your Browser password saver and erase your auto-login.
There is no doubt in my mind that there is a worm going around that takes advantage of the security hole in your browser that signs you in with your password keeper. Once it’s in, it’s in.
I could be wrong, but there may be advantages to using a desktop tool to tweet, such as tweetdeck tweetminer Seesmic or Twhirl.
@Pepperfire
@YouCantWin says
Cheers for this nice to know I’m not the only one. Bastard hackers! :-)
Mike Haydon says
It’s probably some 12 year old kid in a basement somewhere :D
Nismion says
Thanks for the info. Rescued me. Didn’t see the hack.
Darcee says
Thanks for the great information! I have passed it along :)
ffusr says
I clicked on the link as well because the DM itself was suspicious enough to alert me – and my browser’s phishing filter already blocked access to the site.
Just another example why you should think BEFORE clicking…..
And keep your systems up to date!
Mike Haydon says
Keeping your system up to date is very important. A lot of viruses could be prevented by that.
Lauren says
Thank you for this very useful info – I would not have known how to fix the problem?! Hopefully my account is safe now, and I will pass the info along :) Thanks again!
ms.5876 says
Hey, I’m getting DMs with suspicious links. My account got hacked this morning. Will deleting the message help?
Mike Haydon says
Delete the messages if you want, but deleting the messages won’t unhack your account. You need to change your password. The messages are no different from if you get email spam.
Teresita says
This was very helpful and a little scary as well. Is it the same kind of thing when Facebook gets hacked? My husband uses one of those password savers because supposedly there are companies out there that watch your key strokes and get your passwords there. Is that a good idea or is that a bad idea? I was reading a comment about deleting your passwords and things from there.
Mike Haydon says
Slightly different problem with Facebook due to their different authorisation method and extensive apps, but the principle is the same.
Samantha says
Wow, thanks for the heads up. So that is how the spammers are able to send direct messages. They actually have to get into people’s accounts in order to send their followers direct messages. That is actually a good sign. Because if twitter marketing programs or scripts were able to somehow circumvent the twitter security settings and send direct messages to users from outside of accounts, then that would be disconcerting.
Mike Haydon says
Yes Twitter has a pretty solid programming team. It would take elite level hacker skills to circumvent twitter’s security settings and they’re usually busy on things that actually matter to them :)
Robert says
Like many of the other readers, I want to thank you for providing all of these snippets to serve as warnings so that we know what to look for in future tweets. I do believe I have received several of these already. Actually, most of the tweets that I get that proved to be spam are not direct messages, they are just tweets with the link. I use the application, Twitter texts, but I don’t abuse it.
William says
I thank you again for this informative article which contains these warnings which can help us avoid any possible traps that come from this type of twitter spam. Some of us might also be able to avoid getting a virus or malware. I noticed that there are usually people who follow you from unscrupulous, incomplete-looking profiles which they form in order to send you links to something they’re selling. That is rude.