Mashable - The Social Media Guide: WARNING: Twitter Worm Spreading via Direct Messages

  • Brian · 2 months ago
    Ok, so then they have everybody's password.....then what? They post a bunch of tweets about nothing, isn't that what the owner of the account already is doing? =)
  • Jerry Zambrano · 2 months ago
    With the username and your passwords, they (in general) can google your username, and attempt to hack into any of your accounts that have that username. Either with the password retrieved, or brute force attack (password guessing usually based on a variation of your stolen password or other information on the hijacked account).

    Just reset.
    Saves too many headaches or possible headaches.

    J.
  • Name · 2 months ago
    I say we track the bastards down and remove their fingernails with pliers.
  • JoshBoulton · 2 months ago
    And then castrate them with wooden spoons? Meh...
  • brianreeves · 2 months ago
    Is this really a worm or just another fake login scam like they always used to do on MySpace...it does not sound like computers are getting infected, just login info is being stolen and used to resend the message...

    If your account is being used in this way...just change your password and it will stop.

    Like the MySpace home page warns...if you do not see 'twitter.com' in the address bar, DO NOT LOG IN!
  • DWTS Fan · 2 months ago
    I'm not popular enough to have got one :(
  • Keith Feeney · 2 months ago
    People should use a service like TrueTwit to ask new followers to verify themselves. Bots can't click on the link and enter the CAPTCHA codes. Just a suggestion.
  • plasticmadness · 2 months ago
    Hmmm. This looks interesting. I'll have to check it out.
  • Nadia · 2 months ago
    This has happened to many of my friends! DO NOT SIGN IN!
  • tweetamar · 2 months ago
    Yay! I wrote about this an hour ago here: http://wp.me/pzcQI-5B
  • treypennington · 2 months ago
    I think you're one of the very first to catch this. Good job.
  • tweetamar · 2 months ago
    Why thank you! I wish I'd gotten credit for it - but I'm sure a bunch of
    people spotted it at the same time. Still love @mashable :-)
  • MY STADY · 1 month ago
    What's there to spot? If people still fall for phony websites that ask for your password when you KNOW you're logged in then you deserve to get jacked.
  • Guest · 2 months ago
    Nice try pal! I ain't clicking that link ;)
  • Aaron Cook · 2 months ago
    Don't worry, it's legit. WP.me is WordPress.com's URL shortener. The link directs to his blog.
  • Gregg · 2 months ago
    That link looks fishy. Although it's a good domain hack.

    I checked it man, good work. Check this out - http://tinyurl.com/mejq2c
  • tweetamar · 2 months ago
    Well... I was just featured on CNET with Mashable so I guess here's to small
    victories :-) http://news.cnet.com/8301-27080_3-10360158-245....
  • Aaron Cook · 2 months ago
    One of the first it seems. Good work! :)
  • James C · 2 months ago
    Has anyone reported malware, or just phishing?
  • Jennifer · 2 months ago
    I got this as well, but I just deleted it and unfollowed who sent it to me. Should I be ok?
  • ZoomJer · 2 months ago
    No need to unfollow. That won't change your threat level. Honestly, clicking on the link can't hurt you unless you type in your id and password once you land on the scam page. Just let the person who sent it to you know that they better change their password and on any site that they use that password too. As "Jerry Zambrano" said above (must be the name), they could search your id and see where else you use it and then abuse those accounts.

    -Jerry
  • James Hsieh · 2 months ago
    I just saw one of those in my message box. But generally, I don't click on fishy links anyway. I see plenty of them circulate on Facebook already.
  • Mauricio | BBRocks.com · 2 months ago
    Thanks for the heads up. I let my followers know.
  • OntieC · 2 months ago
    Already hit the link. Now what to do?
  • SpeedyWap · 2 months ago
    The Duplicate Content "Penalty" Myth
    Google Page Ranking Myth: Does google really rank down your pages if you duplicate/copy content?
    http://speedywap.com/19683/google-page-ranking-...
  • animalbrad · 2 months ago
    I haven't got a message like this ... yet.
  • Stuart Piazza · 2 months ago
    I just signed in with a fake account "F***Off/F***Off" and it takes you to the Fail Whale page with "Too Many Tweets" - I thought that part was funny, though convincing.
  • Yeraze · 2 months ago
    I fell for this about an hour ago.. Luckily, NoScript saved me. I knew something was fishy when I saw the blue background and "Twitter requires Javascript to function properly", and it never did before.
  • Name · 2 months ago
    Ugh - anything you can do if you did, stupidly, click on said link? Have changed my password but wonder if there's anything else to be done ...
  • Christina Warren · 2 months ago
    No, if you changed your password you're fine. Just make sure it is something significantly different from before. I fell for it too about 90 minutes ago. It happens.
  • M · 2 months ago
    if you just clicked on the site, nothing should happen. I don't believe it contains any XSS/Virus/Worm itself.

    Just don't login to it :P
  • Name · 2 months ago
    I think this worm made a mess on my # of followers, I noticed it declined dramatically over the past hours
  • lallamia · 2 months ago
    thank u for telling us
  • vegas · 2 months ago
    LOL. Did a quick whois lookup - it's from China and was registered today.
  • Jimmy · 2 months ago
    If anyone is using opendns please sign into your account and flag this site as adware to get it blocked for all opendns users! http://domain.opendns.com/videos.twitter.secure...
  • Name · 2 months ago
    I just marked it as Adware too!
  • Speedy Wap · 2 months ago
    Can't believe this- Check this out http://tinyurl.com/mejq2c
  • Admin · 2 months ago
    Thanks for the link
    http://tinyurl.com/mejq2c
  • aliajade · 2 months ago
    why are people or someone doing this lol i fell for it 3 times
    BUT CHANGE YOUR PASSWORD
  • @2Heike · 2 months ago
    I haven't received any such DM's but have been bombarded with new follower notices today, which is completely out of the ordinary. I have probably received 150 so far when I normally get 5-10. Is this related to the worm or is there something else going on?
    @2Heike
  • Name · 2 months ago
    Technically, I believe this is called a Phishing Attack. It has more relation to a Trojan Horse than a worm, but is not related to either. A worm is a program capable of replicating itself and sending itself to other computers WITHOUT any user interaction. A Trojan Horse requires user interaction, but also, to be a program that infects a host computer. From what I read, nothing qualifies it as either Worm or Trojan, it's a phishing attack. Phishing is simply tricking the user into giving secure information to a website that the user believes is another website.
  • Jimbob · 2 months ago
    I've been happily typing insults and expletives into that page for a while now. I hope they can read English.
  • Jerry Zambrano · 2 months ago
    I've posted this on my Twitter and my Facebook, with my contents:
    "Oh crap. Just when I was getting my #LOSTuniversity friends organized via Direct Messages"
    Can we count on Twitter's security anymore? This is not the first or second time that security compromises originate from Twitter.

    J.
  • Greg Grothaus · 2 months ago
    http://tinyurl.com/google-to-bring-down-twitter

    Google's duplicate content penalty? IS it true
  • Conrad2010 · 2 months ago
    This very same thing happened to me on MySpace. Had to reset passcode.
  • MADNews101 · 2 months ago
    I got this DM from @funkidivagirl on Twitter. I clicked on the link about 3 minutes after I got the DM & typed in my password. Just changed my password. Keep me up to date!!!
  • Brant Walker · 2 months ago
    This really isn't a "worm".
  • Jerry Zambrano · 2 months ago
    Thanks again. And I've set it already to many a folk. Just change your password now. It'll avoid headaches or possible headaches in the future.

    One would think not to press on a link sending you to log in. I always close my email and safely navigate to my whatever page and check statuses there... mostly, LOL.

    J.
    #LOSTuniversity (LOL)
  • Name · 2 months ago
    After I accidentally opened it, but quickly changed my password. But now I can't access my account. I'm blocked! Any suggestions?
  • Conrad2010 · 2 months ago
    Change password.
  • Rob Cottingham · 2 months ago
    Just give it a little time - Twitter locks out an account after too many failed logins, and the scammers have likely been trying to log into your account repeatedly with the old password. Once they stop (or Twitter finds some way of blocking them), you'll be back in business.
  • Isaac Alonzo · 2 months ago
    It's really important to double check the URL before doing ANYTHING that requires you to type your password, I think twitter should be https in their login since now has gone viral :)
  • necvision · 2 months ago
    Wow! Thanks for the info. This is really bad situation.
  • @H0llywoodWh0re · 2 months ago
    Just wanted to add, protecting yourself on Twitter (and other social networking mediums) is key. Use your best judgments when clicking "any" link on Twitter; if it looks too good to be true it most likely is (not to be cliche). If the link, content, or user looks suspicious this should be grounds for blocking or ignoring the content/user. A personal recommendation, before visiting a link, shared by someone you do not know, always check out the person on Twitter first; if the page is absent of any content or if it contains suspicious content, spam, or multiple mentions of the same content to various users -- stay clear and protect yourself. -- Also, do Twitter a favor and help fight against spam; think of it as protecting the micro-blogging environment. This can simply be done by following @spam and direct messaging all spam within.
  • Christine · 2 months ago
    I am wondering why we cannot turn off direct messaging? Am I missing a setting somewhere? If not Twitter should allow this so that its users are not as vulnerable.
  • Indy · 2 months ago
    I'm seeing this pop up with a lot of G20 tweets...
  • Name · 2 months ago
    http://www.twittoris.com has great twitpic's of girls
  • Keith Burtis · 2 months ago
    Looks like if you go in and use the "forgot my Password" feature you can get back in and change the old password. A friend was able to get through that door.
  • mattie · 2 months ago
    TWITTER Sucks balls.
  • LSG · 2 months ago
    I accidentally did sign in on my cell phone. I have already changed the password to my Twitter account but does anyone have advice about whether and how to cleanse my cell phone (which I don't believe has virus protection)?
  • Name · 2 months ago
    Thank you Keith! I used the "forgot your password" and it let me in. Appreciate the tip.
  • Name · 2 months ago
    I received that DM from my daughter in law before I knew of a worm. She's never DMd me, but thought I'd check it out--my iMac warned me when I clicked that link. Thanks Mac! and Thanks mashable! I had just begun following you, glad I am.
  • Keilaron · 2 months ago
    Convincing? Looks like the same crap you get on any IM network.
    It's a big yawn to me. Can someone explain to me what's so unique about this? The URL is quite obvious too.
  • plasticmadness · 2 months ago
    This is bad. Very bad. I'll block that domain. Anyone has the IP's so we can keep an eye on it? Just for the sake of it: I too just got a suspicious DM too, with a link "http://gglcash4u.info" that redirects to "onlyfreeoffersonline". Do not click it.
  • The Wandering Foodie · 2 months ago
    When I see these types of warnings, the people always say "DO NOT VISIT THE LINK" when the visiting isn't the problem, it's being stupid enough to put your information in again.
  • Name · 2 months ago
    For me, I didn't click on any link. A "Direct Message" popped into my e-mail box (as they all do). To delete it, I have to click on the subject line in my e-mail. That's all I did--there's no way to avoid that--and I got the bug.
  • mikedobbertin · 2 months ago
    Would this be considered a Textually Transmitted Disease?
  • plasticmadness · 2 months ago
    LoL :-) I think so.
  • Judi · 2 months ago
    I've gotten a couple of these today--and can't delete the DM in TweetDeck....ick!
  • debbiemahler · 2 months ago
    It's not just that one, I'm getting multiple spams from my reliable tweeple with "I made $300 - $500.... and a different link each time!
  • Name · 2 months ago
    This is just phishing. A computer worm is a self replicating program.
  • Angela · 2 months ago
    If your account is hijacked, how are you supposed to reset your password?

    If your account is hijacked, DEFINITELY go reset any other accounts elsewhere on the Net that use the same password.
  • Dave · 2 months ago
    I got this one from a friend who was obviously hacked.

    hey, i made $484 yesterday . this website showed me how (spaces added in URL) h t t p:// g glcash4u . info
  • steven healey · 2 months ago
    If you get a DM mentioning $484 , do not click the link .. the sender is unknown to the account holder ...

    There are an increasing number of DMs appearing where the account owner has no knowledge
  • Lynne Gordon · 2 months ago
    Excellent Info! Thanks! I have just recently begun responding to all 2000 of the Twitter direct messages I get every day, so I was a prime candidate for this worm. Many Thanks!
  • kiwikatnz · 2 months ago
    I have deleted my twitter account anyway..It was all mundane tweets etc..I dunno how I was sucked in..in the first place!!
  • Reid · 2 months ago
    Ya, that hit my son and I about a month ago. Hopefully it's dying out by now..
  • DossyDomo · 2 months ago
    OMG no way, right when you thought good ole Tweet had things under control!

    Jess
    www.online-privacy.us.tc
  • MInTheGap · 2 months ago
    I had one of these show up to me, but something didn't look right when it looked like twitter's page but I knew I was logged in. At that point, I looked at the url and knew it wasn't twitter.

    Make sure to look at URLs, and don't put your credentials into something that you've never gone to!
  • Sandy · 2 months ago
    Avoid any direct messages!! I just received some from people who claim to "have made $484 on Google!" Obviously a fraud...beware of Twitter!! They were posted 09-23-09 at 5:55pm. FYI
  • trinest · 2 months ago
    I dunno, anyone who falls for this gets what they deserve- obviously the url is fake- maybe they should read?
  • Name · 2 months ago
    Not a worm but a phish. Stupid people deserve to be taken advantage of.
  • Ed · 2 months ago
    Just so you know...you can be the spreader of these false DMs without ever clicking on a link.

    I NEVER click on DM links and last night my account was sending out @ replies to other twitter accounts! It looked like this "@GreatResources : http://twitter.com/GreatResources/statuses/numb...

    I don't know who "GreatResources" is and I don't know who "earnwithmetoday" is either...but my account also sent out another @ reply to someone else. It looked like this "@earnwithmetoday : http://twitter.com/earnwithmetoday/statuses/num...

    I have changed my password and am reporting no more rogue messages.
  • Mark Cameron · 2 months ago
    I seem to have missed it - so far.
  • BrianHealy · 2 months ago
    "We contacted Twitter and they quickly got back to us."

    What's your secret? I've only been waiting 8 weeks for Twitter to get back to me about my support request...

    I'll be sure to watch for this though and bin any I receive, even though I don't get much in the way of DMs.. except when there's a Mafia Wars recruitment drive on. I just bin them as well.
  • Mark · 2 months ago
    I thought a worm was a virus that spreads without requiring any user action? Surely this is a password phishing scam?
  • dainathomas · 2 months ago
    Thanks for sharing it ..I feel this is daily issue .. soon I ll stop using this service .. no doubt the concept was good .. but they can't maintain the security of the website .. and top of all there are less ppl who bothers abt the tweets which others have mentioned .. hardly give it a look .. what they do is just leave their update .. but anyone reads them ??
    And there are mostly business ppl .. promoting their business .. and creating their mess ....

    Best,
    Daina
  • Amy · 2 months ago
    How do you contact twitter support? Can't find a way to do that on the site. I have the worm. HELP!
  • Lucky aka Mark Milly · 2 months ago
    ahhh shit! myspace part 2! lol SMH
  • benr2 · 2 months ago
    Something like this has been going around MSN for ages, the difference is that this one looks genuine unlike the MSN ones that sign in then sign out straight away
  • tomasskovgaard · 2 months ago
    I fell for it yesterday - Have changed my password ... but have problems with my DM now - What can I do ...?
  • Name · 2 months ago
    It's okay to click the link - just don't enter any information.
  • VBP OutSourcing · 2 months ago
    I got this just the other day. I thought it looked funny, so I clicked on all the links around the login and found 404 errors. Then I asked the guy who sent it why he did, and he said he didn't. Knew then it was a scam.
  • Prefect · 2 months ago
    More analysis of the latest Twitter worm: http://praetorianprefect.com/archives/2009/09/r...
  • Mr_JRoc · 2 months ago
    This is just one of those login scams from MySpace, you just got to be smart enough NOT to click them :)
  • Name · 1 month ago
    I got this DM - I followed the link - but my browser (chrome) said link was broken and didn't connect - so no fake login. Should I be worried?
  • Mark · 1 month ago
    It's still doing the rounds, or one much like it. I just got one from a very tech-savvy relative.
  • Kimberly Wolfson · 6 days ago
    I had a feeling this was the case. I must have missed the tweets about it. I guess I can refollow the two or three people that were not really spamming me after all.