The tweet used in the scam reads: “OMG I just got over 1000 followers today from http://twittercut.com”. The twitter worm takes the victim to a fraudulent Twitter website requesting login and password details, sends the tweet to all followers, and takes the victim to a dating website to inflate the number of views resulting in revenue for the attackers.
According to privacy and security software provider PC Tools, the Twitter worm is spreading quickly attacking Twitter users mostly in the USA, Canada, Sweden and Brazil. By 26 May, the site had aggregated 13 000 unique visitors over two days, and revenues for the attackers are estimated to be “well into the thousands of dollars, based on a pay per click system”.
“This is another example of how cybercriminals will capitalise on areas of significant public interest”, said Sergei Shevchenko, senior malware analyst at PC Tools. “As people look for new information on the threat, it’s important to tell them that cybercriminals may be using this opportunity to find more victims. Like any threat it’s important that consumers know what to look out for to keep their computers and their records safe.”