There is a lot of malware spam on Twitter at the moment. I’m getting between 100 and 500 Direct Messages (DMs) a day from compromised accounts. They say things like:
“i made $426.23 online today with”
“I make money online with google. i learned how here”
“this you here”
“hey can you do me a favor? take this iq test. here”
“hey. can you take this quiz thingy? here”
“wow. i didn’t know my iq score until now. i got it here”
“can you do this quiz for me?? go here”
“hi there. this place has the best ringtones. i just got some.. go here:”
“hey, i got free ringtones from here…”
“get some ringtones for me here;”
“hi! i just got a bunch of ringtones from here:”
“omg! i took this quiz my score is higher than yours!! check here”
“Let’s find out if your IQ is higher. Here”
“OMG I can’t believe I found you”
“Hey, this you?”
“Hah. this you?”
“you look funny on here”
“i can’t stop laughing at this..”
“this was funny”
“rofl this you???”
“LOL, omg this you?”
“hahah you should see this”
“You’re on here…”
… all with links at the end. I just copy/pasted some of the ones I received today.
DON’T CLICK THE LINK
even if it’s from one of your friends. It seems the link takes you to a site where your Twitter account gets hacked, and the account then sends the same sort of DMs to your followers.
If you’ve been hacked: go to your list of connections –> http://twitter.com/account/connections <– and click “revoke access” to any application you don’t remember allowing. Then go to your password reset –> http://twitter.com/account/password <– and change your password.
If your account is still infected, repeat the above, then go to your Browser Settings, clear your cache and delete your saved passwords (reader tip – thanks @Pepperfire).
You should be fine after that.
If you receive a malware DM like the ones listed above: send the person the following message:
I just received a virus DM from you. Changing your twitter password & revoking access to bad apps may fix it. More info: http://bello.ws/18
You can just copy and paste that – it’s designed to be the right size for a twitter DM. The link will take them here so they can go through the “unhacking” procedure above.
Remember: the malware comes from hacked accounts. The people generally have no idea their account has been compromised. They aren’t sending the malware; someone else is controlling that. Unless you go to your sent messages –> http://twitter.com/sent <– you wouldn’t know you’ve been hacked.
Be Gentle With Them
It’s not their fault (apart from clicking on a link in a message they may have received from a friend).
Please pass this message around. The more people know about this, the quicker we can stop this mess.
Click here to automatically fill a tweet for you to post.
It doesn’t post for you – you still have to hit the “update” button on twitter, so you’re in total control. It will fill in this message to whatever account you are currently logged into:
WARNING: Do not click any suspicious DM links. See how to protect your account here: http://bello.ws/18 (via @mikehaydon)
Thanks. @mikehaydon
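The DMs quoted at the top of the post share one shape: a short bait phrase followed by a link at the very end. The sketch below is an added example, not part of the original post, that uses that shape to sort an exported inbox into "look at this before clicking" and "probably fine". The regexes, the 140-character limit, the sender names and the sample links are assumptions made for illustration.

```python
import re

# Lure families seen in the DMs quoted in the post; the regexes are this example's own.
LURES = {
    "money": re.compile(r"\b(made|make) (\$\d[\d.,]*|money) online\b"),
    "iq_quiz": re.compile(r"\b(iq|quiz)\b"),
    "ringtones": re.compile(r"\bringtones?\b"),
    "this_you": re.compile(r"\b(this you|you're on here|you look funny|found you)\b"),
    "laugh_bait": re.compile(r"\b(can't stop laughing|this was funny|you should see this)\b"),
}
TRAILING_LINK = re.compile(r"https?://\S+\s*$")

def normalize(text):
    """Lowercase, fold curly apostrophes to ASCII, collapse whitespace."""
    text = text.replace("\u2019", "'").replace("\u2018", "'")
    return re.sub(r"\s+", " ", text).strip().lower()

def classify_dm(text, max_len=140):
    """Return (suspicious, lure_families); max_len is an assumed DM size limit."""
    norm = normalize(text)
    link = TRAILING_LINK.search(norm)
    body = norm[:link.start()] if link else norm
    families = [name for name, rx in LURES.items() if rx.search(body)]
    # Flag only when a lure phrase AND a link at the very end co-occur in a short message.
    suspicious = bool(link) and bool(families) and len(norm) <= max_len
    return suspicious, families

def triage(dms):
    """Return the (sender, families) pairs worth a manual look."""
    flagged = []
    for sender, text in dms:
        suspicious, families = classify_dm(text)
        if suspicious:
            flagged.append((sender, families))
    return flagged

# Constructed sample inbox: lure wording from the post, placeholder senders and links.
SAMPLE_DMS = [
    ("@friend_a", "i made $426.23 online today with http://short.example/a1"),
    ("@friend_b", "LOL, omg this you? http://short.example/b2"),
    ("@friend_c", "i can\u2019t stop laughing at this.. http://short.example/c3"),
    ("@friend_d", "Here are the slides from Tuesday: http://example.org/slides"),
    ("@friend_e", "Is this you in the conference photo?"),
]

if __name__ == "__main__":
    for sender, families in triage(SAMPLE_DMS):
        print(sender, families)
```

A match is a reason to check with the sender through another channel, not proof of compromise; a genuine message that mentions a quiz and ends in a link would be flagged too.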
{ 8 comments… read them below or add one }
>>Your account has been hacked and is sending spam to your followers. Learn how to fix it here: http://su.pr/2whKig
Only problem is that the warning and link itself, though sent with good intentions, might seem to the innocent recipient to be a malicious message to fool them into clicking a link. Is there a way of wording it so it doesn’t seem like another attempt to get their info?
Thanks Archie. I see your point. How about:
I just received a virus DM from you. Changing your twitter password & revoking access to bad apps may fix it. More info: http://su.pr/2whKig
I’ve edited the suggested response in the main article to this.
If you (or anyone else reading this) have a better idea, please respond here.
Another way not to get Twitter DM spam is to not auto follow every single whootanny follower you get. But hey, numbers mean everything, right!? What’s a Trojan Horse between you and EPIC Twitser Famez!
Also, go to your Browser password saver and erase your auto-login.
There is no doubt in my mind that there is a worm going around that takes advantage of the security hole in your browser that signs you in with your password keeper. Once it’s in, it’s in.
I could be wrong, but there may be advantages to using a desktop tool to tweet, such as tweetdeck, tweetminer, Seesmic or Twhirl.
@Pepperfire
Cheers for this, nice to know I’m not the only one. Bastard hackers!
Thanks for the info. Rescued me. Didn’t see the hack.
Thanks for the great information! I have passed it along.
I clicked on the link as well because the DM itself was suspicious enough to alert me – and my browser’s phishing filter already blocked access to the site.
Just another example why you should think BEFORE clicking…..
And keep your systems up to date!