October 29, 2012, 4:03 PM — So I was innocently surfing the Interwebs a few weeks back, fighting for truth, privacy, and the Internet way, when I got an email alerting me to a direct message from a friend I hadn’t spoken to in years.
It was strange on several levels (and so is my friend – but I digress). The first strange bit was the message itself, which made no sense: “heh u didn’t see them tapping u.” OK, fine, whatever.
Strangeness no. 2: It showed an alleged Facebook link. Rolling over the link with my cursor showed a truncated URL using Twitter’s T.co service at the bottom of my browser – which would be OK, except that the URL didn’t start with http or https.
Something smelled a little phishy to me. So, being stupid, I clicked on it. That took me to the following fake Facebook login page.
Gee Toto, I don’t think we’re on Facebook anymore. The URL at the top of the screen leads to a subdomain at some site calling itself Twitterwink.info. Immediately it becomes clear that whoever is running this scam a) isn’t very bright, and b) is hoping I am also not very bright.
OK, I thought, this is simple enough: It’s a phishing scam designed to steal my Facebook login credentials. So I entered some gibberish into both fields, just to see what would happen. (I told you I was stupid.) Here’s what came up next:
So this was a faux Facebook page with a faux YouTube video embedded in it, which was really just a come-on for me to do a drive-by install of what would undoubtedly be some nasty bit of malware. At this point I stopped clicking.
Even I am not that stupid.
I give the spammers credit for attempting to make it look like a real Facebook page. But none of those ads on the side were live – they were just graphics. And “Youtube” is usually spelled with a capital T in the middle.
But I had to wonder: What the hell is a Twitterwink? So I visited that page and found this:
Yeah, I don’t know what that’s supposed to be, either. The site was registered to a “Jill Nelson” of “Beaverly Hills, CA.” But the real story was in where it was hosted: 2x4.ru, a Russian Web host with a less-than-pristine reputation, to put it mildly, for hosting malware and other criminal activities.