Sophos is warning Twitter users to be cautious following the discovery of new rogue applications designed to help scammers earn money by spreading links that point to online surveys.
Following attacks this weekend, which saw users spreading messages about a girl who killed herself and how addicted they were to Twitter, new messages are appearing on Twitter claiming to count how long users have been members of the social networking web site.
Offending tweets contain a variation on the following text, with the amount of time shown differing between users: "I have spent 379 days, 9096 hours on Twitter. How much have you? Find out here: [LINK]"
The messages, posted by an application called "Your Online Timer", include a link which – if clicked on by other Twitter users – will encourage them to authorise "Your Online Timer" to access and update their Twitter accounts. If the application is approved, users will be taken to a web site which claims it will find out the time spent to date on Twitter. The page pops up with a survey that earns the scammers money for each questionnaire completed.
In addition, without explicit approval, victims’ Twitter account status is updated, spreading the link virally to other Twitter users.
"Viral scams like this one are commonly encountered on Facebook, but are now being spread by their creators to Twitter. It's possible that the people behind these attacks view Twitter users as a softer target who may generate more income for them," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.
"Social networks have a responsibility to protect their users from scams and spam, but ultimately it's down to the user to think very carefully before handing over the keys to their social network account to an unknown application."
Those affected should revoke the application's access to their Twitter account without delay. This can be done by entering Settings/Connections and revoking the rights to the relevant application.
"If the application's access to your account is not revoked, the scammers could use it to spread other messages, potentially including links to malicious web sites, phishing attacks or other spam campaigns," says Myroff. "The last thing you want is for your Twitter followers to believe that you are being careless with your account's security and potentially putting them at risk, too."