Tag: "money mule"

Phishing site found when you click on the tweeted URL.

A Twitter “worm’s” brilliant variation

A new Twitter worm is reported to be making the rounds this morning; it is actually an expertly crafted variant of the worm we reported back on September 24th. The variant has changed the direct message from “ROFL, this you on here?” to “hi. this you on here?”. The bad actor in China has also used a new URL, but with the same Twitter login landing page, identifiable by its stray HTML angle bracket “>” following the line under ‘Sign in to Twitter’. This important difference in wording should allow for a spate of newly captured Twitter credentials.

"It looked pretty legitimate" - FBI Director Robert Mueller

Operation Phish Phry

A phish phry is a social gathering, and early Wednesday the FBI, the US Attorney’s Office, the LA Electronic Crimes Task Force, and Egyptian authorities started working towards arranging the largest gathering of suspects indicted in connection with a single phishing scam to date. Dubbed “Operation Phish Phry”, this two-year inter-agency, inter-country investigation is rounding up 100 suspects, including 53 from North Carolina, Las Vegas, and Los Angeles as well as 47 in Egypt, accused of stealing more than a million dollars from two U.S. banks.

The phishing site's Twitter login screen.

ROFL this you on here? The latest Twitter Worm

At 2pm on Wednesday 9/24, wide-scale reports started showing up on Twitter that a new Twitter worm sends you a direct message with the content “rofl this you on here? http://videos.twitter.secure-logins01.com”. The link opens a Twitter-style login page (albeit Twitter’s previous version of this page; they have a new one) which, except for being an old version and having a stray angle bracket, is convincing. Upon logging in, the user’s credentials are stolen, and presumably direct messages are sent to each follower that user has.