Viral Twitter Worm: Profile Spy – Don’t be Duped

Only a week or so ago we posted details about an infographic charting Twitter malware threats through time, and today we’ve heard about a new viral Twitter worm. The worm is called Profile Spy, and you need to be careful not to be duped.

The tag line for the fake app reads, “Wow! See who read your Twitter with Profile Spy.” The thought of seeing who may have accessed their profiles is leading many people to click on the link, and the worm is now spreading rapidly. If you click on the link you’ll be inundated with endless spam, pop-ups and surveys, and Ted Thornhill over on Metro tells how some people are even being asked to give out their Visa card details, which is obviously a big no-no.

According to Thornhill, a blog post by Robert Graham of Errata Security details how the worm is spreading and why we need to be careful. Graham explained that many worms work by asking people for passwords, but many users are catching on to these scams, so Profile Spy takes a different approach and instead pretends to be a Twitter application. Graham said, “The best advice I could give you is that whenever you see something of the form “this is cool check it out” – and it asks you to install something, give a password, or grant authorisation, then it’s probably malware. You should always verify it with the sender (or with Google) before continuing.”

Graham uses an account specifically for this kind of research and allowed the app to access it, only to find it had indeed been hacked and had received a barrage of spam. If you have already clicked on Profile Spy, you need to withdraw its access: go to ‘Edit Your Profile’ and then ‘Connections’. To see full details about what to do next, check out the Errata Security link above. Have you been duped by the Twitter Profile Spy worm? Let us know by sending us your comments.