An elaborate Twitter scam involving a sensational tweet about Barack Obama has been detected by Panda Security. This scam lures its victims with the promise of a video showing President Barack Obama punching a man for cursing him, leads them to a fake Facebook page where it steals their Twitter credentials, and closes the deal by enticing them to download a malicious worm disguised as “an update for YouTube player”.
Users receive this tweet as a DM, and if tempted to click, they’ll be led to a fake Facebook page, where they will be asked for their Twitter credentials in order to watch the video. If you choose to enter your Twitter details here, the malware will promptly hijack your account and begin sending these DMs to all your contacts in your name.
Next, users are taken to a second fake Facebook page, complete with a fake YouTube frame, where a new message appears: “An update for YouTube Player is needed”, it says, prompting you to install this update in order to watch the video. Naturally, this is no YouTube Player update, but the Koobface.LP worm, which will infect your computer and steal your personal data.
This is by no means the only scam of its kind going around. As always, it’s crucial that you don’t click links in suspicious messages about scandalous videos and pictures of you or others, even if they seem to come from people you know. Even more importantly, if you’ve already clicked such a link, never enter your credentials and never download anything that looks even remotely off. Up-to-date antivirus software can save you if you’ve gone as far as downloading the worm.