If you get a direct message saying something along the lines of "rofl this you on here? http://videos.twitter.secure-logins01.com," don’t click it. The message will take you to a log-in page that looks like Twitter’s log-in page, but it is of course a phishing scam, where your info is jacked and your account becomes the next participant in spreading the worm.

Unsurprisingly, this issue has not been addressed by Twitter on their blogs, just as that huge exploit that was discovered last month wasn’t. Twitter should probably do a better job of communicating such problems to users before more people fall victim. Mashable notes that they did contact the company about the issue, and they are aware of it, and "on the case."

Users who encounter the worm are encouraged to change their passwords and contact Twitter.

Security issues continue to plague not only Twitter, but social media in general. According to a study from Russell Herder and Ethos Business Law, time on social networking sites has increased by 73% in the past year. Another study recently released by AVG and CMO Council found that social network uses are more vulnerable to security risks than non-users.

Thousands of users saw their friends appear post the message, “I just got over 1000 followers today from http://twittercut.com.”  Those who thought it advantageous to gain 1000 followers in one day were then lured to TwitterCut’s site, which looked remarkably similar to the Twitter login portal. Baited users would then enter login details at the TwitterCut site. Like many of the recent Facebook scams, TwitterCut would then use this information to send out the same message through the user who entered their information, allowing the worm to spread rapidly.

It does not appear that TwitterCut has used the retrieved logins for any other purposes yet, but those who may have given information should act quickly to change their passwords. Additionally, Twitter announced on Tuesday night that they were working to push password resets for infiltrated accounts. 

All told, this phishing scam serves as a reminder to social network users to be extremely cautious when entering usernames and passwords, double checking to reinsure that the site truly is what it claims to be.

It appears that today a new phisher has appeared on the scene. Some are tweeting to beware of SuMagik, or the site sumagic.info, which also requests an individual’s Twitter Name and Twitter Password. No info is given as to why this is requested, but the site does state, “We do not store twitter passwords, as we have no interest in your twitter account, and we hate scamming cheats too!” Sound a little phishy to me!

Original Article: Early Saturday morning, four Twitter accounts were started and began spreading a worm being referred to as Mikeyy throughout the social network. Reports suggest that when users go to the profile page of a user who is infected, their "About me" section is altered to include a link to a malicious site, which I won’t name here.

Twitter was able to take care of the first round of attacks on Saturday morning, but more kept coming throughout the weekend. They have been dealing with them in real time since then, and they haven’t stopped.

"We are still reviewing all the details, cleaning up, and we remain on alert," says Twitter co-founder Biz Stone. "Every time we battle an attack, we evaluate our web coding practices to learn how we can do better to prevent them in the future. We will conduct a full review of the weekend activities. Everything from how it happened, how we reacted, and preventative measures will be covered."

Stone compares the worm to one that has plagued MySpace in the past. The Samy worm spread across that social network, and its creator was ultimately prosecuted by MySpace.

Right now, the latest update on Twitter’s Status blog from four hours prior to this writing says, "We are currently addressing a new manifestation of the worm attack." In another post, Twitter suggested that people use third party apps to communicate with the service for the time being.

Two hours ago, a tweet from Twitter’s Spam Watch account looked like this:

Heavy Twitter users are going to want to keep up with the latest updates. Places to keep track of this include, Twitter’s status blog, the spam watch account, and Twitter’s official blog. Twitter makes it very clear that no passwords, phone numbers, or other sensitive information have been compromised.

The worm comes as a potentially damaging blow as Twitter continues to snowball in popularity. It will be interesting to see if reports about Mikeyy impede the growth rate at all.

What to Look For

Like most viruses, this one relies on deceit, and tries to get users to download it using a non-existent video as bait. David Sarno at the LA Times explains:

The virus’ most insidious property is that users receive the offending message from a friend: On Facebook, only people whom users have explicitly approved as friends can send them e-mails.

The Koobface e-mails have a subject like "You look so amazing funny on our new video," and contain a link to a YouTube-like video site that appears to contain a movie clip (see image).  The video, however, doesn’t play, and the website then asks the user to update his or her video software by downloading a file. It’s that file that contains the malicious code.

McAfee provides more information about Koobface and shows a screenshot of a possible page that users could land on to get to it:

What it Does

"As part of their malicious payload, the worms transform victim machines into zombie computers to form botnets," said security firm Kaspersky Lab when it reported on two variants of Koobface back in July. One variant targeted Facebook, while the other targeted MySpace.

Facebook’s security page says, "We’re currently helping our users with the recently discovered "Koobface" worm and phishing sites. If your account has recently been used to send spam, please visit one of the online antivirus scanners from the Helpful Links list, and reset your password here." The links list is as follows:

The worm must be affecting a lot of people now to make its way though the news so much all of a sudden. It’s been around for months, yet we haven’t heard much about it until now. Facebook users who have accounts that have been in jeopardy have been receiving emails about how to proceed.