A friend of mine recently sent me a direct message on Twitter. It said "lol u didnt se them taping u" and had a link to Facebook. I hadn't remembered being taped in the past few days, and I'd never seen my friend use this type of Twitter shorthand, along with typos. To me, it was obviously spam.
I'm not the only one getting these spammy direct messages on Twitter that lead to bogus Facebook links. Apparently a lot of people have been complaining about these messages, according to Sophos analyst Graham Cluley, who wrote about it on the Naked Security blog.
Different variations of the direct messages include, "your in this [link] lol" and "lol ur famous now [link]" (I got this one too).
Of course, I didn't click on the link. However, according to Cluley, people who do click are led to a video player that says, "An update to Youtube player is needed." Users are asked to download a file supposedly called "FlashPlayerV10.1.57.108.exe," but Sophos antivirus products detect it as Troj/Mdrop-EML, which is a backdoor Trojan that can copy itself to accessible drives and network shares.
Twitter spam is nothing new. In the past, among other types of phishing, users got e-mails masquerading as Twitter support messages that then prompted recipients to click malicious links. Phishing has been so annoying to the social network that in April it announced that it was suing five popular spam tool providers in federal court.
The source of Twitter's new direct message spam campaign is not yet known. It's also unclear if the social network is doing something to stop it. CNET contacted Twitter for more information and we'll update the story when we hear back.