It seems a month can’t go by at the moment without some kind of viral worm weaving its way through the Twittersphere, leaving a wake of dodgy linkbait and annoyed users behind it. This week’s Twitter exploit, TweetViewer, once again plays on the insecurity and gullibility of the average Twitter user, and purportedly allows people to find out who has been viewing their Twitter profiles.
Like all Twitter exploits, the “app” works by hijacking a user’s profile and posting an enticing message, encouraging other users to click and in turn have their account taken over. TweetViewer has spread via a few different “honeytrap” tweets, such as:
“I just viewed my TOP20 Profile STALKERS. I can’t believe my EX is still checking me every day”
“WOW! You can see WHO VISITS your TWITTER profile. That’s cool! :)”
As this latest exploit is an app, once you’ve accidentally posted the link and turned beet-red with embarrassment, you’ll have to revoke TweetViewer’s permissions in your account settings.
At the time of writing, the bit.ly links associated with this new scam have clocked up around 16,000 clicks, and a quick search of Twitter for the text of the spam seems to indicate whoever is behind this has now switched their links to goo.gl, Google Inc.’s URL shortening service – apparently in response to bit.ly blocking their previous URL.
Luckily, news of this newest malware spread fairly quickly throughout the social network, and most users will now probably have been made aware of the danger.
The larger issue here is how Twitter plans to deal with the increasing regularity of such exploits. Although Twitter has an anti-scam account, it is only followed by around 350,000 people, a tiny percentage of the total Twitter population. The way we see it, Twitter is either going to have to institute some kind of app review policy, make a universal scam warning service (forcing every user to follow @safety perhaps wouldn’t be a bad idea), or give itself powers to censor tweets that contain naughty links.