My GMail inbox had one Twitter notification, a direct message from one of my medical school classmates. I had to check it out so I clicked on the link, which brought up my Twitter Direct Messages page (I had told Twitter to "Remember Me").
I clicked on the link and it brought me to (THIS IS A PHISHING SITE - DO NOT LOGIN WITH YOUR TWITTER LOGIN!) http://twitter.login.kevanshome.org/login/ . It looks like the familiar Twitter login screen from before the redesign. I obviously wasn't paying attention to that website when they rolled out the update. I didn't care because my home computer was always set to stay logged in anyway, so there was never a chance to see the new Twitter login page.
I said to myself, "What the hell?! My Twitter session logged out. Better log in again to see what the fuss is about."
I know, it was sheer stupidity on my part, knowing that the URL was not twitter.com. I was relying on Chrome's anti-phishing alert feature to always warn me. So I logged in.
It took me 30 seconds and a weird post-login screen to realize that I'd been had.
It took me an hour to change the passwords on all the sites where I have a significant web presence. The Anatomy Of The Twitter Attack outlines how the personal accounts of Twitter execs were hacked to obtain confidential information with the same elementary methods. Although I have been using a different password for some sites, someone can simply use the Forgot Password process together with a compromised account to gain access.
I sent a direct message through Twitter to my classmate telling her that her message pointed me to a phishing site. It wasn't her fault, surely; it can happen to anyone.
I also reported the site using the reporting tool built into Chrome.
The Whois information for kevanshome.org reveals that the site is registered in China; maybe a spammer or email account harvester?
Domain ID:D157042268-LROR
Created On:06-Sep-2009 07:34:50 UTC
Last Updated On:10-Nov-2009 14:03:03 UTC
Expiration Date:06-Sep-2010 07:34:50 UTC
Sponsoring Registrar:Xin Net Technology Corporation (R118-LROR)
Registrant Name:Ken Evans
Registrant Organization:Ken Evans
Registrant Street1:Star Street
Registrant City:Shang Hai
Registrant Postal Code:100000
Admin Name:Ken Evans
Admin Organization:Ken Evans
Admin Street1:Star Street
Admin City:Shang Hai
Admin Postal Code:100000
Tech Name:Ken Evans
Tech Organization:Ken Evans
Tech Street1:Star Street
Tech City:Shang Hai
Tech Postal Code:100000
Thank you "Ken Evans" for reminding me that I have to be always vigilant in surfing the web. That was one wakeup call! Too much worrying about Viva Voce sure made me complacent, stupid and lazy.
Friends, be vigilant so that your most cherished web presence does not get taken over by a spammer in China or anywhere else.
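As an added illustration that is not part of the original post, the following Python does the check that should have caught this link: it parses a URL, works out which domain actually owns the host, and flags hosts such as twitter.login.kevanshome.org where the brand name sits in a subdomain someone else controls. The only URL taken from the post is the phishing link itself; the other sample URLs are constructed, and the two-label "registrable domain" rule is a deliberate simplification of the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed samples: the first is the phishing link quoted in the post,
# the rest are made-up legitimate and deceptive forms of a "Twitter" URL.
SAMPLES = [
    "http://twitter.login.kevanshome.org/login/",  # brand in a subdomain
    "https://twitter.com/messages",                 # the real site
    "https://Twitter.com:443/login",                # case and port noise
    "http://twitter.com@kevanshome.org/login",      # brand hidden in userinfo
    "https://example.org/",                         # unrelated site
]


def registrable_domain(host):
    """Return the last two labels of a hostname, e.g. 'kevanshome.org'.

    Simplification: real code should consult the Public Suffix List so that
    hosts under suffixes like 'co.uk' are handled correctly.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_url(url, expected="twitter.com"):
    """Classify a link as 'legitimate', 'lookalike' or 'other'.

    'lookalike' means the expected brand appears somewhere in the URL's
    authority part (host or userinfo) while the registrable domain belongs
    to someone else; that is the trick twitter.login.kevanshome.org relies on.
    """
    parts = urlsplit(url)
    host = parts.hostname  # urlsplit strips userinfo and port, lowercases
    if not host:
        return "other"
    if registrable_domain(host) == expected:
        return "legitimate"
    brand = expected.split(".")[0]
    if brand in parts.netloc.lower():
        return "lookalike"
    return "other"


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_url(sample):<11} {sample}")
```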
Updates: Trend Micro posted about this on their blog, saying that this is a new Twitter worm that can compromise your account. Read it here:
A New Twitter Worm Is Making the Rounds
Marah Marie reported on the main page (http://www.kevanshome.org/), which masqueraded as an AOL/Bebo login page, here (see the newest update below for its change to a MySpace login page):
Sophos reports this and has a YouTube video demonstration of the attack as well:
This you???? : Phishing attack hits Twitter users
As of February 25, 1012H (GMT +8), http://www.kevanshome.org/ has been made to look like a fake MySpace page, below:
Note that it does not look like the current MySpace login page.
M86 Security Labs has some history on this phishing attack here:
Twitter "Phish and Spam" Campaign