Horrific photo forced photographer to kill himself? Don’t be too quick to click

June 6, 2010 by  
Filed under Security News

After a week full of clickjacking attacks, we’re seeing other dodgy links being spread widely between Facebook users who should perhaps know better.


One that I have seen crop up a lot is appearing in the status updates of Facebook users with phrases like:

This horrific photo forced photographer to kill himself! http://tinyurl.com/VerySadPhoto


This horrific photo forced photographer to kill himself! http://tinyurl.com/HorriblePic

Clicking on links like these can take you to Facebook pages with names such as “Man Commits Suicide 3 Days After Taking This Photo”.

Man Commits Suicide 3 Days after Taking This Photo

These Facebook pages force you to first “Like” them and then republish the link on your own Facebook page (advertising it to your online friends) before you eventually get to see the photograph.

The Facebook page forces you to pass on the message

Just ask yourself this – do you really want to recommend a page to your friends, before you know what lies behind it? For all you know, you could be passing on a link which will ultimately take your online pals to a phishing page or malware.


As it happens, the pages are lying in any case.


The photograph – of an emaciated young girl in Sudan – was taken in March 1993 by prize-winning South African photo-journalist Kevin Carter. Carter did kill himself – but it was over a year later in South Africa, not three days after the photo was taken as claimed by the Facebook links.


You can probably imagine, however, that people would easily agree to publish the link to all their friends – in their morbid interest to see the photo – and thus help it spread quickly.


In fact, it’s no surprise that links like these are spreading so quickly and virally across Facebook, when popular pages such as “I like your makeup…LOL JK, it looks like you got gangbanged by Crayola” (currently 1.7 million fans and counting) have republished it to all of their followers.


‘More followers’ spam hits Twitter accounts

May 10, 2010 by  
Filed under Security News

Thousands of Twitter users are finding that their accounts have been compromised, and are posting messages advertising a website which claims to help users attract more followers.


A typical message reads:

CHECK out this site, im a member of it, It gets you more followers: http://tinyurl.com/[removed]

Tweets promoting the website

Clicking on one of these links takes you to the Twtfaster website, which asks you to enter your Twitter username and password.

Twtfaster website

Of course, regular readers of the Clu-blog know that it’s never a good idea to hand over your login credentials to a third party, and that’s the case with this site too. Curiously, when I entered bogus information on the above screen it didn’t display an error message – suggesting that it might be created simply to scoop up users’ login details. Hmm... that smells worryingly like a phishing attack to me.


Further investigation finds some small print on the Twtfaster website that suggests that they plan to use your account to advertise their service – but I wonder how many people would read that before eagerly signing up for more followers?


One piece of good news is that TinyURL appears to be currently blocking links used in the campaign, but of course that’s not going to stop the people behind this latest outbreak from using alternative URL shortening services.

TinyURL blocking the link

So, if you’ve found out that your Twitter account has been sending messages advertising how to get more followers, I would recommend that you change your password immediately. And next time a third-party website asks you to hand over your username and password for Twitter, steer well clear.


It is possible that the accounts that are spamming out the adverts for Twtfaster have not signed up for the site themselves, but have been compromised in some other way. Even so, that’s still a good reason to change your Twitter password. If you need help choosing a memorable, hard-to-crack password you should watch the video I made on the subject.


As I’ve discussed before, you should always exercise extreme caution before signing up for a service which offers to increase your Twitter following.


Unfortunately, as the popularity of Twitter grows and the desire for more followers deepens we can expect more and more users to fall for scams like this.



by Graham Cluley, Sophos

AVG LinkScanner Can Detect Malicious Short URLs

October 14, 2009 by  
Filed under Protection Tools


URL shorteners may be handy for your tweets on Twitter. But they’re also known security holes since they don’t display the actual address of your destination. A free tool from security vendor AVG may provide a solution.


AVG has updated its free LinkScanner tool to detect malicious pages hiding behind shortened URLs. The company said the tool checks the actual destination of each URL link to make sure the page is legitimate.


More than a dozen URL-shortening services abound on the Net, including TinyURL and Bitly. With its 140-character limit, Twitter automatically shortens URLs in each tweet via Bitly. Other services like WordPress also include a built-in URL shortener.


But Web browsers don’t display the true address of a shortened URL, so you have no idea whether or not the destination page is safe. Hackers have easily been able to use the obscure nature of shortened URLs to conceal hazardous Web pages behind them.


“The problem with shortened links is that they usually don’t bear any resemblance to the original URLs, which means that users don’t always know what they’re clicking,” said Roger Thompson, chief research officer at AVG Technologies. “People click with the intention of going to a specific site, but the link can be easily hacked to send people to a site containing Trojans, spyware, rootkits, and other malware instead.”


AVG, formerly known as Grisoft, bought LinkScanner in late 2007 as part of a larger acquisition. The tool has already proven helpful to Web surfers by analyzing Web pages behind each link that is either clicked on or typed into the browser.


Other solutions do exist to reveal the truth behind a short URL. The Web site LongURL can display the long version of a short URL. A Firefox plug-in called LongURL Mobile Expander can also translate from short to long.


But according to AVG, LinkScanner is now the only security tool on the market that can find poisoned Web pages behind a short URL. The company says it does not rely on blacklists and instead checks each link in real time.


by  Lance Whitney from Cnet