23 May 2011 03:30 PM
If you are seeing tweets right now from Twitter users, you may be misled into thinking that U.S. news organization CNN has revealed that Osama bin Laden is alive.
The tweets lead to a phishing page. Websense customers are protected from this scam by ACE, our Advanced Classification Engine.
Tweets are being posted by users right now at the rate of several hundred tweets per second and include:
omgg osama is alive!!! cnn confirmed that he's still out there :((
I cant BELIEVE osama is still alive - CNN confirmed he around stillll :O
OMG CNN confirmed that they found Osama alive still ! ! !
Tweets lead to a bit.ly redirector that takes the user to a convincing phish page designed to harvest the user's Twitter account credentials.
Screenshot of the phish page:
A user who enters credentials is then taken to a YouTube video related to the topic of the scam, a CNN video discussing the news "'Osama is alive' say protestors."
The redirection chain is thus: hxxp://bit.ly/m[removed]Y -> hxxp://twitter.[removed].ru/relogin.php -> hxxp://www.youtube.com/watch?v=Ga[removed]Mg
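A defender can flag this pattern in proxy or URL-expansion logs: the brand name appears as a subdomain label on an unrelated domain, combined with a login-style path. The following is an added example, not Websense's detection logic. The brand allow-list, the path hints, and the sample chain (with placeholder host and IDs) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: brands to protect and the domains they legitimately use.
BRANDS = {"twitter": {"twitter.com", "t.co"}}
# Assumption: path fragments that suggest a credential prompt.
LOGIN_HINTS = ("login", "signin", "session")


def refang(url):
    """Turn a defanged indicator (hxxp://, [.]) back into a parseable URL."""
    return url.replace("hxxp", "http", 1).replace("[.]", ".")


def registrable(host):
    """Naive last-two-labels domain; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def check_hop(url):
    """Return a list of findings for one hop of a redirect chain."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    findings = []
    for brand, legit in BRANDS.items():
        # Brand used as a hostname label, but the owning domain is not the brand's.
        if brand in host.split(".") and registrable(host) not in legit:
            findings.append(f"brand label '{brand}' on foreign domain {registrable(host)}")
            if any(hint in parts.path.lower() for hint in LOGIN_HINTS):
                findings.append("login-style path")
    return findings


def check_chain(chain):
    """Split an 'a -> b -> c' chain and return {url: findings} for suspicious hops."""
    hops = [u.strip() for u in chain.split("->")]
    return {u: f for u in hops if (f := check_hop(u))}


# Constructed sample mirroring the shape of the chain above; host and IDs are placeholders.
SAMPLE_CHAIN = ("hxxp://bit.ly/EXAMPLE -> "
                "hxxp://twitter.placeholder-domain.example/relogin.php -> "
                "hxxp://www.youtube.com/watch?v=EXAMPLE")

if __name__ == "__main__":
    for url, findings in check_chain(SAMPLE_CHAIN).items():
        print(url, findings)
```

Only the middle hop is flagged; the shortener and the final YouTube landing page pass, which is why inspecting every hop of the expanded chain matters more than checking the first or last URL alone.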
Twitter trend-tracking service Trendistic recorded this scam as being 1% of the volume of all tweets some 8 hours ago. The current rate of tweets is around 200 per minute, so the phishing page could be successfully harvesting Twitter account credentials, with the compromised accounts then being used to tweet on their owners' behalf, thereby spreading the phishing links.
When Osama bin Laden's death was announced, we saw Facebook status updates offering a video of the events. Malware authors often use news events to entice and trick users into performing actions such as following website links.
Websense Security Labs advises Twitter users who believe they may have fallen for this scam to change their passwords immediately and to check their Twitter feeds for postings related to this scam topic.