Twitter under attack again

Twitter has been under fire from online scammers

Today saw a new scam affecting users of the popular Twitter micro-blogging site, while security experts reported that hackers are taking advantage of heightened public interest in Twitter-related security issues to spread malware.

The latest Twitter problems appear to be a new raft of messages being posted to the Twitter feeds of users containing the words and link, "You'll like this one! Check out www.TheSmartEcard.com", or "Retweet: You'll love this one! Check out www.TheSmartEcard.com".

According to Twitter, the problem is a "scam/phishing site" rather than something more malicious. Graham Cluley, senior technology consultant at security vendor Sophos, warned users to avoid clicking on the link.

"Hopefully, it should be obvious from the web site's opening page of legalese banning staff from Twitter, MySpace, Facebook, Microsoft and Google, that something odd is afoot - even before it starts to quiz you for personal information," he wrote in his blog.

"But if not, let me just say that visiting the web site is not recommended."

The scam follows hot on the heels of more worm attacks over the past few days. On Friday it emerged that a new version of the Mikeyy cross-site scripting worm was trying to spread across the network.

The author sent messages to celebrity users such as Ashton Kutcher and Oprah Winfrey, with the intention of spreading the worm more quickly, as these profiles have large numbers of followers.

"If you suspect you have been affected, clean out your Twitter profile and settings of any content that you did not add yourself, and - although it may not be the case that it has been compromised - consider using a more secure password," wrote Cluley.

Then over the weekend, another version of the worm appeared to be infecting profiles with messages including jokes, purportedly authored by the same hacker, Mikeyy.

Some experts have argued that Twitter has looked amateurish and unprepared in its response to the flurry of attacks, but the site's administrators noted the attacks were both short lived and dealt with appropriately.

"Still, we suggest that you avoid viewing the profiles of users posting uncharacteristic or otherwise suspicious tweets," wrote the firm on its status page.

Anti-malware firm Trend Micro, meanwhile, has noted that hackers are using public interest and the high level of media coverage of the worm attacks on Twitter to spread more malware. Google searches for 'Twitter worm' and 'Mikeyy' bring back malicious URL links on the first page of results, according to a blog posting by Trend AV engineer Jasper Manuel.

Visiting the site will trigger the download of a Trojan onto the user's PC, he said, although the firm's engineers are still trying to verify if the Trojan can download other malware too.