Both Facebook and Twitter experienced phishing attacks on Thursday.
A new scam hit Facebook users that, like others in recent weeks, sends them to a website that steals their log-in information and also secretly downloads malware onto computers when they visit the malicious website in what is known as a 'drive-by download'.
Meanwhile, Twitter users were getting messages from new followers that were posting links to a fake Twitter site with 'tvvitter' in the tiny URL, Graham Cluley of Sophos wrote in his blog. His blog has a video of the phishing attack in action. Twitter representatives did not immediately respond to emails seeking comment.
In the Facebook attack, messages circulated with a subject line of 'Hello' and a prompt to check out 'areps.at' or other URLs ending in '.at'.
The URLS, before being blocked, directed the visitor to a fake Facebook page. If you logged in to the site, it would steal your email and password, log you into Facebook, automatically change your password, and send the same message to all your Facebook friends, according to the All Facebook blog.
The malicious websites also spread the Koobface worm and install the Trojan.BHO, among other malware, onto unsuspecting computers, according to a test by ZDNet UK's sister site, CNET News.com, using Internet Explorer. But the URLs were blocked by Firefox and flagged as a 'web forgery' as of 9:50am PDT.
"Whoever is behind the scam has been steadily amassing a large number of email addresses and passwords over the past few weeks," the blog says. "Some days as much as three scams will spread throughout the site (possibly even more). Facebook rapidly shuts down all references to the site but by then the scam has spread to thousands of users."
Facebook spokesman Barry Schnitt said: "The impact of this attack or the previous ones are not widespread and only impacted a tiny fraction of a percent of users. We've been updating our monitoring systems with information gleaned from the previous attacks so that each new attack is detected more quickly."
The site has blocked links to the new phishing sites from being shared on Facebook, added them to the block lists of the major browsers, and is working with partners to have the sites taken down completely, he said. Facebook also is cleaning up phony messages and wall posts and resetting the passwords of affected users.
Separately, some Facebook users reported difficulty accessing the site on Thursday morning. It was unclear whether the connectivity issues were related to the phishing scam.
