Warning: We Heart It Spreads Diet Pill Twitter Spam

Twitter_bird_logo_2012.svg

Everybody’s favorite instantaneous social media platform has fallen prey to a spam assault.

Thousands of tweets reading “If I didn’t try this my life wouldn’t have changed,” followed by links leading to a fake Women’s Health landing page (hxxp://www.womenshealth.com-april22.us/miracle-garcinia) promoting Garcinia Cambogia “miracle diet” pills have been circulating since yesterday.

If you encounter such a link – and aren’t immediately put off by its prototypical spam language – do not click. In addition to a bogus advertisement, it is also possible that the link might initiate a drive-by malware download. Researchers are currently investigating whether this is the case.

How did this happen?

Initial investigation has revealed that the spam was actually spread through compromised weheartit.com accounts, as the majority of malicious tweets contained the “via weheartit.com” tag. We Heart It is an image sharing social network that allows its users to “heart” links to images they like, and it can be used to “heart” links directly to Twitter. Essentially, compromised accounts have used this functionality – known as OAuth authentication – to “heart” spam.

As of yesterday, We Heart It was aware of the attack and took steps toward mitigation. Initially, the company disabled its Twitter sharing feature to stymie the spam directly. Once things subsided, they issued a statement, linking the attack’s origins to Australia. At this point, it is not known if the attack has produced other links besides the “If I didn’t try this my life wouldn’t have changed” diet pill spam or if any links in the attack are connected to malware, but both scenarios are entirely possible.

How can I stay protected?

The good thing about spam is that most people who spread it are incredibly lazy. That means you can usually spot it by yourself when you see it. The bad thing about spam is that in addition to advertising lame products like diet pills, it can also spread malware. Placed on a platform as popular Twitter, this can have dangerous implications. What is most alarming about this latest campaign is that it infected the social media giant tangentially, through another, smaller social media site that enables link sharing. As more and more websites adopt this capability, this gives malware authors more and more opportunity to worm their creations with little extra effort.

As such, users running Emsisoft Anti-Malware are automatically protected from this latest diet pill spam assault and all others like it by our Surf Protection technology. If on the off chance you clicked on this link and it turns out that it was in fact used to propagate malware, also know that our experts at the Help My PC is Infected! support forum will gladly remove it for free, even if you aren’t an Emsi-Customer yet. They absolutely despise diet pill spam, and relish any opportunity to rid the world of it.

Also, if you are one of the 25 million users who have a We Heart It account, you should change its password immediately.

Have a Great (Malware-Free) Day!