Posts Tagged ‘Twitter’

If you are seeing tweets right now from Twitter users, you may be misled into thinking that U.S. news organization CNN has revealed that Osama bin Laden is alive, Internet security firm Websense has reported.

The tweets lead to a phishing page. Tweets are being posted by users right now at the rate of several hundred tweets per second and include:

omgg osama is alive!!! cnn confirmed that he’s still out there :((

I cant BELIEVE osama is still alive – CNN confirmed he around stillll :O

OMG CNN confirmed that they found Osama alive still ! ! !

Tweets lead to a bit.ly redirector that takes the user to a convincing phish page designed to harvest the user’s Twitter account credentials.

A user who enters credentials is then taken to a YouTube video related to the topic of the scam, a CNN video discussing the news “‘Osama is alive’ say protestors.”

The redirection chain is thus: hxxp://bit.ly/m[removed]Y -> hxxp://twitter.[removed].ru/relogin.php -> hxxp://www.youtube.com/watch?v=Ga[removed]Mg
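The chain above (shortener, then a lookalike host serving a "relogin" page, then the real YouTube) is the pattern a defender can screen for. The following is an added example, not Websense's or the original post's code: it walks an expanded redirect chain and flags hops whose hostname carries a brand label but whose registrable domain is not the brand's own. The hosts in CONSTRUCTED_CHAIN, the BRAND_DOMAINS allow-list and the SHORTENERS set are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed chain modelled on the one reported above; the lookalike host is a placeholder,
# not the real domain used in the scam.
CONSTRUCTED_CHAIN = [
    "http://bit.ly/mXXXXXXY",
    "http://twitter.example-lookalike.ru/relogin.php",
    "http://www.youtube.com/watch?v=GaXXXXXXMg",
]

# Assumption: brand label -> registrable domains that legitimately carry that label.
BRAND_DOMAINS = {
    "twitter": {"twitter.com", "t.co"},
    "youtube": {"youtube.com", "youtu.be"},
}
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com"}
# Path words that suggest a credential prompt (relogin.php in the reported chain).
LOGIN_WORDS = re.compile(r"(re)?login|signin|auth|verify", re.IGNORECASE)


def registrable_domain(host):
    # Naive "last two labels" rule; production code should use the public-suffix list
    # so that hosts under co.uk and similar suffixes are handled correctly.
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def assess_hop(url):
    """Return the list of findings for one URL in the chain (empty list = nothing suspicious)."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    reg = registrable_domain(host)
    findings = []
    if reg in SHORTENERS:
        findings.append("shortener")
    for brand, legit in BRAND_DOMAINS.items():
        # Brand label appears somewhere in the hostname, but the domain is not the brand's own.
        if brand in host and reg not in legit:
            findings.append(f"lookalike:{brand}")
            if LOGIN_WORDS.search(parsed.path):
                findings.append("credential-page")
    return findings


def assess_chain(chain):
    """Classify a whole redirect chain: 'phish' if any hop is a brand lookalike."""
    hops = [{"url": u, "findings": assess_hop(u)} for u in chain]
    is_phish = any(f.startswith("lookalike:") for h in hops for f in h["findings"])
    return {"verdict": "phish" if is_phish else "clean", "hops": hops}


if __name__ == "__main__":
    for hop in assess_chain(CONSTRUCTED_CHAIN)["hops"]:
        print(hop["url"], hop["findings"])
```

The substring check deliberately errs on the side of flagging (for example a host like twitter.com.evil.example is caught), so treat a "lookalike" finding as a reason to inspect, not as proof on its own.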

Twitter trend-tracking service Trendistic recorded this scam as being 1% of the volume of all tweets some 8 hours ago. The current rate of tweets is around 200 per minute, so the phishing page could be successfully harvesting Twitter account credentials and then tweeting on their behalf, thereby spreading the phishing links.

When Osama bin Laden’s death was announced, we saw Facebook status updates offering a video of the events. Malware authors often use news events to entice and trick users into performing actions such as following website links.

Websense Security Labs advises Twitter users who believe they may have fallen for this scam to change their passwords immediately and to check their Twitter feeds for postings related to this scam topic.

Carl Leonard, Senior Manager, Websense Security Labs said, “Using Twitter to perpetuate a scam is as regular an occurrence as changing socks. It’s interesting in this case to see how the malware authors ‘make’ the news to spread their scams. At the current rate of 200 tweets per minute, this particular phishing page can successfully harvest Twitter account credentials and further spread phishing links by tweeting on unsuspecting users’ behalf. If you believe you may have fallen for this scam, change your password immediately.”

[Image: Lord Voldemort and Lady Gaga]

After a rogue video of Lady Gaga stormed Twitter, scammers are once again seeding an attack against Twitter users, posing as a banned video of “Lord Gaga” in an attempt to compromise accounts.

The mention of “Lord Gaga” refers to a running joke on Twitter today about what would happen if Harry Potter villain Lord Voldemort and Lady Gaga hooked up. The hashtags, which can vary, appear to be taken from Twitter’s trending topics in an attempt to reach a wider audience.

“New Twitter profiles, which have the names and avatars of young women, have been created specifically for the purposes of spreading the link,” notes Graham Cluley, senior technology consultant at Sophos.

What makes the profiles even more suspicious is that the only messages they have tweeted out so far have all been to the same place – a fake YouTube site, which pretends to host the banned video.

[Image: Lord Gaga video]

Twitter’s security team would be wise to shut down the bogus profiles as soon as possible, before the attack spreads further. Rather than playing a music video, clicking on the player attempts to trick users into granting a rogue application the rights to access their Twitter account.

[Image: Would you authorise this Twitter app?]

An app called “money works new” hardly sounds like it would be connected to a music video, and you would be wise not to give it access to your account. But, as we’ve seen in the past, Twitter users can be tricked by such an attack into making poor decisions.

If you do make the mistake of authorizing the app, the scammers won’t waste any time posting the same message from your account – hoping to entrap more victims.

[Image: Rogue app victim on Twitter]

If you were unfortunate enough to grant a rogue application access to your Twitter account, revoke its rights immediately by going to the Twitter website, visiting Settings/Connections and revoking the offending app’s rights.

[Image: Revoke app on Twitter]

Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.

Watch out for tweets about a banned Lady Gaga video, currently spreading across the Twitter network, warns security firm Sophos.

The tweets are being posted by rogue applications that users are allowing to access their profiles in the belief that they will get to view a prohibited video of Lady Gaga.

[Image: Tweet promoting banned Lady Gaga video]

VIDEO PROHIBIDO LADY GAGA banned [LINK] @shakira @ladygaga como ganar dinero facil

(Please note that the precise wording can vary)

If you make the mistake of clicking on the link you are taken to a fake YouTube webpage.

[Image: Fake YouTube page]

Of course, you believe that you’re going to watch a banned video of Lady Gaga so you might very well click on the play button.

Doing so, however, asks you to grant permission to a third party app which wants to connect with your Twitter account.

[Image: Rogue Twitter application]

“Don’t, whatever you do, give it permission to continue. Because if you do, your account can now be accessed by third parties – who will be able to post messages in your name to all of your followers. Hopefully the fact that the messages we have seen so far have all been in Spanish may reduce the impact of this particular attack,” says Graham Cluley, senior technology consultant at Sophos.

Interestingly, it seems that Lady Gaga herself has been having trouble with these Twitter hackers.

The eccentric songstress, who has more followers on Twitter than anyone else in the world, posted a message yesterday saying:

Whoever is hacking my Twitter must answer to 10 million monsters and Twitter police. #Don’tMakeMeCallTheApostles

The bit.ly links used in the messages posted to Lady Gaga’s Twitter page linked to the same fake YouTube page, and were created by the same person who appears to be behind the rogue application attack.

[Image: Lady Gaga]

Is it possible that Lady Gaga, or the staff who manage her Twitter account, fell for the scam themselves, and that is why the rogue message appeared on Lady Gaga’s Twitter page?

Lady Gaga has over 9.6 million followers on Twitter, making her the most popular person on the network (yes, beating even Justin Bieber) and a prize goal for any scammer who wants their scammy spammy links to be spread to as wide an audience as possible.

If you were unfortunate enough to grant a rogue application access to your Twitter account, revoke its rights immediately by going to the Twitter website, visiting Settings/Connections and revoking the offending app’s rights.

Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.

Freedom on the Internet is coming under more and more threat from governments around the world, according to the second ‘Freedom on the Net’ (FOTN) report by the Freedom Institute for 2011.

The study of 37 countries found former Soviet republic Estonia to have the freest Internet, with a restriction of just 10 points, followed by the United States with a restriction score of 13.

The most restricted Internet is for users in Iran, Cuba, China and Burma, with restriction levels of between 83 and 89 (out of 100).

The overall trend, the report found, was towards less and less freedom on the Internet as governments become more alarmed at, and better at controlling, what they consider uncomfortable exchanges of information and co-operation through the Internet.

“Of the 15 countries covered in the pilot [report of 2009], a total of 9 registered score declines over the past two years,” the report noted.

Freedom House is an international non-governmental organization (NGO) based in Washington DC that conducts research and advocacy on democracy, political freedom and human rights, known for its annual report on democratic freedoms in each country.

Even in the newly added countries, the report, compiled by more than 40 researchers based around the world, found evidence of a “negative trajectory” in at least half of them over the last two years.

It found increased government blocking, filtering, legal action and intimidation to prevent users from accessing unfavorable content, and, in other places, cyberattacks, misinformation and other indirect methods of altering the information landscape, such as creating dummy sites.

“These states are increasingly blocking and filtering websites associated with the political opposition, coercing website owners into taking down politically and socially controversial content, and arresting bloggers and ordinary users for posting information that is contrary to the government’s views,” it pointed out.

It attributed the increased governmental nervousness in many repressed countries to the role played by Internet-based organization and communication tools such as Facebook and Twitter.

“In 12 of the 37 countries examined, the authorities consistently or temporarily imposed total bans on YouTube, Facebook, Twitter, or equivalent services,” it noted.

The report found that out of the total 6.5 billion people in the world, over two billion now have access to the Internet, nearly double the figure of five years ago.

Specific examples of governments blocking or manipulating the Internet chronicled in the report include the following:

  • South Korean authorities blocked access to an estimated 65 North Korea–related sites, including the official North Korean Twitter account, launched in August 2010.
  • A Chinese woman was sent to a labor camp over a satirical Twitter message.
  • An Indonesian housewife faced high fines for an e-mail she sent to friends complaining about a local hospital.
  • A 19-year-old Tibetan was detained after looking at online photographs of the Dalai Lama.
  • A Thai judge in March 2011 sentenced a web developer to 13 years in prison for comments he posted and for refusing to remove the remarks of others.
  • In Thailand, at least one editor is facing criminal charges over reader comments that were critical of the monarchy.
  • In Belarus, the country’s largest ISP, the state-owned Belpak, redirected users from independent media sites to nearly identical clones that provided misleading information, such as the incorrect location of a planned opposition rally.
  • In Egypt, officials shut down the Internet nationwide for five days in January in an unsuccessful attempt to curb anti-government protests. The operation was accomplished within the span of one hour.
  • The award for the best anti-freedom activities on the Internet was given to the Chinese government.

Among the strategies developed by the Chinese government is hiring people to post pro-government comments in online discussions to drown out dissenters and complainers. Such people even have a name, the “50 Cent Party”, the report noted.

“Recruiting advertisements for similar commentators have reportedly begun to appear on Russian job sites,” it pointed out.

“China has emerged as a major global source of cyberattacks. Although not all attacks originating in the country have been explicitly traced back to the government, their scale, organization, and chosen targets have led many experts to conclude that they are either sponsored or condoned by Chinese military and intelligence agencies.

“The assaults have included distributed denial-of-service (DDoS) attacks on domestic and overseas human rights groups, e-mail messages to foreign journalists that carry malicious software capable of spying on the recipient’s computer, and large-scale hacking raids on the information systems of over 30 financial, defense, and technology companies, most of them based in the United States.

“In addition, independent analysts have detected cyberespionage networks that extend to 103 countries as part of an effort to spy on the Tibetan government-in-exile and its foreign government contacts,” the Washington-based organization noted.

Once again Twitter users are finding themselves hit by a fast-infecting attack, more commonly encountered by their Facebook-using cousins: a rogue application spreading virally across the network.

Sophos reports that thousands of Twitter users have fallen into the trap of allowing rogue third-party applications to access their Twitter accounts, believing that the apps would tell them how many people have unfollowed them.

[Image: 42 people have unfollowed me, find out how many have unfollowed you]

A typical message reads:

58 people have unfollowed me, find out how many have unfollowed you: [LINK] #rw2011 #duringsexplease #youneedanasswhoopin

See the hashtags? They appear to be currently trending phrases on Twitter – presumably the rogue applications are using them in the messages they spam out in an attempt to trick more users into clicking on the links.
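The giveaway described here is a fixed message body with only the number, the link and the trending hashtags changing between accounts. As an added example (not Sophos' code or tooling), the following normalises tweets down to that template and reports templates posted by several distinct accounts; the tweets in CONSTRUCTED_TWEETS are constructed samples modelled on the message quoted above.

```python
import re
from collections import defaultdict

# Constructed (author, text) samples: three campaign posts with varying count, link and
# hashtags, plus ordinary chatter that happens to use the same trending tags.
CONSTRUCTED_TWEETS = [
    ("acct_a", "58 people have unfollowed me, find out how many have unfollowed you: http://bit.ly/aaaa #rw2011 #tag2"),
    ("acct_b", "42 people have unfollowed me, find out how many have unfollowed you: http://bit.ly/bbbb #tag3"),
    ("acct_c", "7 people have unfollowed me, find out how many have unfollowed you: http://bit.ly/cccc #rw2011"),
    ("acct_d", "Great game tonight #rw2011"),
    ("acct_e", "Anyone else watching? #rw2011 #tag2 http://example.test/match"),
    ("acct_a", "lunch was good"),
]

URL_RE = re.compile(r"https?://\S+")
HASHTAG_RE = re.compile(r"#\w+")
NUM_RE = re.compile(r"\d+")
WS_RE = re.compile(r"\s+")


def template(text):
    """Collapse the parts that vary per post (link, hashtags, numbers) into placeholders."""
    t = URL_RE.sub("<link>", text)
    t = HASHTAG_RE.sub("", t)      # hashtags are borrowed from trends, so drop them entirely
    t = NUM_RE.sub("<n>", t)       # the "N people" count changes per victim
    return WS_RE.sub(" ", t).strip().lower()


def campaign_templates(tweets, min_authors=3):
    """Return link-carrying templates posted by at least min_authors distinct accounts."""
    authors = defaultdict(set)
    hashtags = defaultdict(set)
    for author, text in tweets:
        key = template(text)
        if "<link>" not in key:    # the campaign needs a link to spread; skip link-less chatter
            continue
        authors[key].add(author)
        hashtags[key].update(h.lower() for h in HASHTAG_RE.findall(text))
    return {
        key: {"authors": sorted(accts), "hashtags": sorted(hashtags[key])}
        for key, accts in authors.items()
        if len(accts) >= min_authors
    }


if __name__ == "__main__":
    for key, info in campaign_templates(CONSTRUCTED_TWEETS).items():
        print(len(info["authors"]), "accounts ->", key, info["hashtags"])
```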

If you do click on the link you are asked to give authorisation for a third-party application to access your Twitter account.

[Image: Rogue application on Twitter]

“Don’t, whatever you do, press the ‘Allow’ button. If you do, then a third party is now capable of tweeting messages in your name to all of your Twitter followers – which spreads the scam virally across Twitter and may result in one of your online friends also having their account compromised,” warns Graham Cluley, senior technology consultant at Sophos.

So, how do the scammers make money? That’s the next piece of the jigsaw.

You’re anxious to find out who has unfollowed you on Twitter. The scammers take advantage of that by presenting a webpage which looks as if it’s about to reveal that information – but is actually designed to make you take an online survey instead.

[Image: Rogue application survey scam]

The scammers make money for each survey that is completed.

If you were unfortunate enough to grant one of these rogue applications access to your Twitter account, revoke its rights immediately by going to the Twitter website, visiting Settings/Connections and revoking the offending app’s rights.

Don’t make it easy for scammers to make money in this way, and always exercise caution about which third party apps you allow to connect with your social networking accounts.

According to research on blackhat SEO, a growing number of search engine optimization (SEO) poisoning attacks are exploiting several recent high-profile news events. Internet users searching for topics such as the disasters in Japan, Charlie Sheen and the NCAA “March Madness” tournament have been warned to be on high alert for poisoned search engine links leading to malicious websites.

No one in the tech security world should be surprised that criminal exploitation of Twitter has commenced in earnest. The coding and social engineering techniques that spammers and malware purveyors have been refining and perfecting in the email realm over the past several years couldn’t mesh more smoothly into the world of social network messaging. And Twitter — the über popular Web 2.0 service that media companies can’t seem to hype enough — has presented cyber fraudsters with the attack vector of their dreams.

Anyone can sign up anonymously for a Twitter account and begin pushing unfiltered messages carrying tainted Web links — bad URLs — across the Internet. What’s more, Twitter has popularized the use of shortened URLs to enable users to point to Web pages in messages limited to 144 characters. It did not take cyber crooks long to discover that shortened URLs are most effective for disguising bad URLs.

Using search engines and watching videos are two of the top Internet activities that users do on a daily basis. In the threat landscape, this usually translates to threats such as blackhat SEO attacks, malicious pages crafted to look like YouTube pages, and, as we recently found out, attacks that use both blackhat SEO and malicious YouTube-like pages.

Search engine optimization, or SEO, is used to improve the visibility of a website in search engines. Blackhat SEO, on the other hand, is used to get fake or fraudulent websites indexed and highly ranked in search engines. This is best achieved by piggybacking on widely searched topics, events and celebrity names: anything that is heavily searched for or of great interest to the public.

The hacktivist group Anonymous is heightening its aggression against anyone who stands in the way of freedom of information. At the moment its target seems to be Sony. The group that recently brought down a number of websites owned by Sony Corporation is now vowing to take ‘other ways’ to teach the company a lesson.

Sony recently sued famed hacker George Hotz, popularly known as GeoHot in the security community, for jailbreaking the Sony PS3 gaming console. Though Sony and Hotz have reportedly reached a settlement, Anonymous is in no mood for a truce as it gears up for an in-store protest against Sony on April 16th.

Anonymous’ demands include allowing PlayStation owners to be able to modify their consoles and share content online — in essence to be able to legally jailbreak the consoles — as well as having Sony cease its legal actions against PlayStation hackers.

Anonymous is leveraging its large following on Twitter, Facebook, IRC, YouTube and even its ‘official’ website to gather support. Part of the message that the group is promoting through these platforms reads:

On April 16th, we will take the protests against Sony to the streets. We encourage anyone who is able to come to a nearby Sony Store to support the cause, even if you are not usually involved with Anonymous. This is not just about Anonymous – this is about your rights.

The group is also urging people to make preparations before the actual protest takes place. It says that people who are interested in being part of the protest should set up a ‘legal team’ consisting of at least one person who does not take part in the protest itself and who is in contact with a lawyer. Participants are also asked to make sure the phone number of the ‘legal team’ is written on their arm in something like permanent marker, so that it cannot be lost in a full body search – better safe than sorry.

Explaining its reasons for launching the attacks on Sony, Anonymous wrote on its website: “Their (Sony’s) propaganda regarding jailbreaking implies that it encourages piracy and thereby makes people lose their jobs, whereas jailbreaking actually just means you are making YOUR device do what it should do. Imagine if Microsoft forced you to use Internet Explorer instead of Firefox or Chrome. Imagine if they denied users from using any other web browser than their own. Many people would obviously be pissed… but then, why aren’t you pissed at Sony?”

Trying to win people over rather than be termed a notorious hacker group, Anonymous has claimed that it has no intention of putting gamers or end users in trouble. Its website states, “Anonymous is on your side, standing up for your rights. We are not aiming to attack customers of Sony. This attack is aimed solely at Sony, and we will try our best to not affect the gamers, as this would defeat the purpose of our actions.”

Sony has so far not acknowledged the attacks by Anonymous and has attributed the outages on its websites to ‘server maintenance’. So far, Anonymous seems to have the upper hand after Sony withdrew its suit against Hotz. Let’s wait and watch where this battle goes…