Have you, or some you know, been infected by the recent twitter direct message virus?
You may have received a message in your inbox, or seen it directly on twitter.
Even if you have not clicked on this link, you may want to update your passwords for good measure. Think long and strong.
If you have clicked on this message, you may or may not have noticed your account sending unauthorized posts, or sending the DM to your following. Whether or not you notice unusual activity, you should consider your account compromised.
To begin with, revoke all privileges from third-party apps. For every additional method of connection to your account, you are allowing another possible gateway for the hacker to exploit.
Once you have removed the third party apps from your mobile devices, go into Settings, which can be found by clicking on the cog icon in the upper right hand corner of the page.
From Settings select Apps from the list of links on the left side of the page.
You’ll want to disable access to all applications for the time being to avoid access points for potential account compromise. So go ahead and remove these applications.
The next step is to scan your system for malware and viruses, as well as run a registry check to find any potential infections in your computer. Some recommended tools would be SpyBot Search & Destroy, as well as CCleaner. For a review of popular antivirus applications visit this helpful Lifehacker article: https://lifehacker.com/five-best-antivirus-applications-395046.
Third-party applications often alert users before downloading them that the app will have access to your personal information stored within your mobile devices, like being able to access your contacts or post to social networks on your behalf. While using these applications does not guarantee that you will have your account compromised, it does open up one more avenue for exploitation.
Over the past year, we’ve noted a marked increase in account compromises across social networks as well as email accounts, and have been taking a lot of phone calls assisting our clients through these unpleasant circumstances. If you take some time and do some googling, you will see numerous variations of spam, scams, backscatter attacks, and unauthorized posting on social networks. Even respected institutions such as banks are not outside of this malicious influence.
Now is a great time to become more conscientious about your internet security and how you conduct yourself on the web. Choosing solid passwords, avoiding clicking unknown links, and developing a general mindset of awareness can help you maintain your personal security in this digital age.
This virus is a variation of another recent exploit. In September 2012, a virus utilizing the same sort of phish and bait tactics was plaguing the social circuit. Compromised accounts sent out messages saying things like “you’re in this [link] lol” and “lol ur famous now [link]”. Users were taken to a video player that says “An update to Youtube player is needed.” A supposed flash update is pushed on the unwary user, and they are prompted to download FlashPlayerV10.1.57.108.exe, which is reported to be the virus Troj/Mdrop-EML. This backdoor Trojan replicates itself onto accessible drives.