We've previously reported on malware that can be accessed from Google search results and malicious executables hosted on Google Code. Additionally, Google Docs has been used for phishing and spam in the past. Now, Blogspot is being used to phish for Twitter credentials.
 |
| Form to enter your Twitter username and password |
The blogs use different techniques to get a Twitter username and password from users. For example, they may offer to stream news about Jason Bieber or to help with dating, etc. Most of them claim to be the official Jason Bieber fan store,
 |
| Blog claims to be the official Jason Bieber fan store |
The form used to gather the Twitter credentials is not actually hosted on blogspot, but rather on urghost.com. It is embedded as an iframe. Ironically, this hosting provider claims to offer a "Full Computer Cleaning Service package"! The credentials are sent to [email protected] using a script hosted on a Yahoo account at us.1.p11.webhosting.yahoo.com.
To reassure potential victims, the form states "WE have made the change to application sharing per Twitter TOS. We do not store User Names/Passwords". Twitter actually forbids transmission of login/password information from third party web applications, opting instead for the more secure OAuth protocol to communicate with Twitter accounts.
Some of the blogs involved are:
- bloggercpaarmy.blogspot.com
- twitterinsanityblog.blogspot.com
- thewrestlingprofessor.blogspot.com
- insanitycelebblog.blogspot.com
- gossip4you2.blogspot.com
- insanityblog2343.blogspot.com
- cupcooking.blogspot.com
I've reported the domains to Google and expect that they will be shut down soon.
-- Julien
