Social networks are actively used by cybercriminals to spread malware. The most common attacks on Twitter usually follow the same pattern:

1.- You get a Direct Message (DM) from one of your contacts, with a shortened link.

2.- You click on the link.

3.- Any (or even all) of the following options will take place:

  • A) You are taken to a Twitter-like website and asked to enter your Twitter credentials.
  • B) You are taken to a spam website (which could also try to infect you through some drive-by-download trick).
  • C) You are asked to download a file which will be some kind of Trojan.

Usually this is how it works, although a few days ago a slightly different approach caught my attention. This one, instead of sending you a DM, mentions you with some funny comment and a link.

These are some of the messages that were being sent out from a compromised user account:


If the mentioned Twitter user clicks on the link, they will land on the following website:


Of course, if you download and run the file, your computer will be infected: a nice Trojan for the collection.

The reason for using mentions is that you can mention anyone, while you can only send DMs to your followers, so potentially it could spread faster. However, people tend to trust DMs more, as they come from a “trusted” source (at least it is someone you are actively following), so the infection ratio per tweet sent will be higher using DMs.

Another option (we haven’t seen it yet, but I guess it is just a matter of time) is a mix of both techniques, sending DMs to your followers and mentions to the rest of the Twitter users.

Remember, do not trust anyone you don’t know, and beware of your friends as their accounts could have been compromised 🙂

And finally, if even after following my advice your Twitter account is hacked, do the following:

A) If you can still log into your account, change your password IMMEDIATELY.

B) If your password has been changed and you cannot access your account anymore, follow these instructions from the Twitter team.