Hundreds of Twitter users have been hit by another attack on the popular micro-blogging site, with messages being sent from compromised accounts trying to drive traffic to a pornographic website.

The messages which say

hey! 23/Female. Come chat with me on my webcam thingy here www.chatwebcamfree.com

are being spammed out as Tweets.



However, the index page of that website serves up obfuscated JavaScript that loads a variety of pornographic adverts and contains a web form directed to a site called eroticgateway.com.



Clearly, if a hacker has managed to ascertain your Twitter password there is a chance that they may have also compromised your system in other ways too.

Any Twitter users who find that they have unwittingly posted the message would be wise to change their Twitter password immediately. Furthermore, if you use that password on any other non-Twitter account then you must also change those passwords too (please *don't* make it the same as your new Twitter password.

As we don't yet know how the hackers compromised accounts, it wouldn't do any harm to scan your computer with an up-to-date anti-virus product either.

Twitter has confirmed that approximately 750 accounts were hijacked by criminals during the course of this attack, and says that they have reset the passwords of all compromised accounts. That should stop the tidalwave of spam messages advertising adult webcam websites for now.

But there is still a lack of clarity of how the accounts were compromised in the first place.

Finally, one extra thing to throw into the mix. Last month, Facebook users reported seeing a very similar message.



You don't have to be Albert Einstein to put two and two together, and deduce that these attacks must be related.

We're seeing more and more attacks from spammers, phishers, malware authors, scammers and identity thieves against the users of social networks like Twitter and Facebook. These aren't just proof-of-concept attacks in controlled conditions - they're full-blooded assaults seen in the wild every day, making money out of real people.

Source: Sophos.com