Tweet scam A message sent through a compromised Twitter account by a hacker (highlighted in red). The message includes a link that leads to malware.
Twitter advises that users who see unauthorized tweets issued under their name should change their password immediately (if it hasn’t been changed by the hacker) and to revoke access for any unrecognized third-party application. It also offers advice for safe tweeting on its forums. The company did not immediately reply to a question about the Russian black market or the number of compromised accounts.
The discovery by Kaspersky Lab comes one month after reports surfaced that Facebook was facing similar problems. Verisign’s iDefense Labs said it had found a website peddling 1.5 million compromised Facebook accounts, offering them for $25 per 1,000 accounts with 10 friends or less, and $45 per 1,000 accounts that have more than 10 friends.
The hacking of Twitter accounts represents a change in strategy by Twitter scam artists. Earlier this year, the trend among spammers was to create Twitter accounts from scratch, try to gain as many followers as possible, then attempt to sell them, with prices listed on Russian cybercriminal forums of between $500 and $1,000.
But this strategy found few customers, and proved difficult to maintain. Twitter fought back by blocking accounts that gathered followers too quickly–a sign that a spammer was behind the account. Scammers next built automated programs to slowly build up followers and post realistic-looking tweets copied from other Twitter users.
“It was a lot of work for them,” Raiu says. “Probably the cybercriminals discovered earlier this year that it’s easier to steal logins to people’s Twitter accounts than create them from scratch.”