Today there's a phishing run underway in Twitter, using Direct Messages ("DMs"). These are private one-to-one Tweets inside Twitter.

The messages look like these:

If you follow the link, you end up to a fake Twitter page:

Information leakage is a real problem.

It's especially bad for high-security organizations, like military agencies.

And it's now harder than ever, thanks to services such as Flickr, Photobucket, Facebook, Twitter and Myspace.

I've never been a fan of social networks.

I'm not on Facebook. Or Myspace. Or LinkedLn.

But last year I decided to take a look at this Twitter thingy.

I gave myself a trial period of couple of months, until the end of 2009 to decide if Twitter is useful or not. And if I wouldn't find it useful, I would quit using it.

Here are our predictions for 2010 based on this year's threat analysis.

So, there are these apparent MySpace phishing e-mails going around ("...please be informed that you are required to update your MySpace account, Please update your MySpace account by clicking here...")

When you follow the link, you end up to this MySpace look-a-like page, hosted on various .uk domains:

Once you log on, the bad guys gain access to your MySpace credentials.

Why do they want them?

As I reported yesterday, Twitter suddenly removed my account without explanation.

They have now unsuspended the account. You can visit it here.

I also received this explanation from Twitter last night:

        I've unsuspended your acct.
        You were suspended for using the malware URL rnyspeceDOTcom in DMs.
        Be careful!
        We scan evrythng for malware.

koob-Face or ter-Twit? The ongoing abuse of twitter feeds by malware distributors continues to net more social networking victims. As always, be wary of any executable you are prompted to download and execute. Currently, evil tweets for "My home video :)" or "cool video! WOW!" redirect to a set of spoofed social network pages. The malicious pages present visiting users with a prompt for a plugin install, "Flash player upgrade required". An example here:

CNN.com carried a recent news article about the city of Bozeman, Montana, USA, which has been pressured into removing an item in its background-check waiver form requesting all applicants for to disclose their account names and passwords for social networking websites such as Facebook, MySpace and Youtube.