A Twitter worm is spreading through mobile links shorted with Goog.gl, which gets pushed out further when people click on them.
The worm appears as a tweet which includes just a Goo.gl link. While particular URLs have been noted as carriers of the worm (goo.gl links that end in “od0az” or “R7f68”), it is possible that these could change.
It either creates new accounts or uses spam accounts to spread. Twitter has sent password resets to affected users and has said it will monitor the situation.
Users are being advised not to click on any suspicious Goo.gl links. The worm originated at http//mobile.twitter.com, so smartphone users need to be especially careful.
The Next Web also notes there are a number of tweets in users’ streams that advertise “Fllwrs,” whose link is disguised using the Goo.gl shortener.
It’s marketed as “the easiest way to track who follows and unfollows you,” however, this is also malicious. It is not certain as of yet if it is linked to the other worm.
If a user has clicked on this, users should go into Twitter, click on “Settings,” then “Connections,” then “Find Fllwrs” and select “Revoke Access.”
