Bogus Twitter Spam Hits Inboxes

Spammers seem to be on something of a Twitter rampage of late. They have sent out a wide variety of spammed messages recently that all appear to be from Twitter:

The first mail sample shows a phishing attack mounted against users. The second contains links to a malicious file that is already detected as TROJ_FAKETWT.A.
Even pharmaceutical spammed messages are exploiting Twitter:

All of these attacks are dealt with by Trend Micro products via the Smart Protection Network™. The spammed messages and the phishing pages are already blocked. The malicious file is already detected as well.
For users without Trend Micro products, the usual warning about links in email messages applies—clicking links in emails is a very bad idea. Twitter does not send links to a secure module. Similarly, legitimate Twitter emails changing the email address of user accounts include the new email address in the message body and do not describe nor promote any new service, as many of these phishing emails do.
Of course, Twitter itself, beyond being a social-engineering bait, has something of a spam and phishing problem. On their official blog, they have announced that later this year, all links in Tweets will pass through Twitter’s own internal link shortener, which is located (continue reading...)