Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Twitter confirmation spam - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Twitter confirmation spam
One of our users received an email
>>
From: Twitter <verify@twitter.com>
To: زواجي <user@example.com>
Subject: Confirm your Twitter account, زواجي

Confirm your email address to complete your Twitter account. It's easy - just click on the button below.

Click on the link below or copy and paste it into a browser:

https://twitter.com/i/redirect?url=https%3A%2F%2Ftwitter.com%2Faccount%2Fconfirm_user_email%2F4181206 .....
<<

They are asking me if it's malicious. The URL is really twitter, and I can't see any obvious malware.

What's going on here ?
If I click on the link myself (Firefox on Linux) I get auto-logged into twitter as me (as I have a twitter account, and cookies and a password saved in my browser), and see a message:
"You're signed in as <myname> You can't confirm the account for zvaigzniteh26"

Is this an attempt to hijack an account, or get followers or twitter traffic ?
advaxtriumf.ca

7 Posts
Could you send us the complete URL? (Via isc.sans.edu/…) Anonymous

-
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!