Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Twitter confirmation spam - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Twitter confirmation spam
One of our users received an email
>>
From: Twitter <verify@twitter.com>
To: زواجي <user@example.com>
Subject: Confirm your Twitter account, زواجي

Confirm your email address to complete your Twitter account. It's easy - just click on the button below.

Click on the link below or copy and paste it into a browser:

https://twitter.com/i/redirect?url=https%3A%2F%2Ftwitter.com%2Faccount%2Fconfirm_user_email%2F4181206 .....
<<

They are asking me if it's malicious. The URL is really twitter, and I can't see any obvious malware.

What's going on here ?
If I click on the link myself (Firefox on Linux) I get auto-logged into twitter as me (as I have a twitter account, and cookies and a password saved in my browser), and see a message:
"You're signed in as <myname> You can't confirm the account for zvaigzniteh26"

Is this an attempt to hijack an account, or get followers or twitter traffic ?
advaxtriumf.ca

7 Posts
Could you send us the complete URL? (Via isc.sans.edu/…) Anonymous

-
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!