Weibo Accounts Compromised to Spread Phishing Campaign
The Websense® ThreatSeeker® Network has detected a wave of phishing campaigns spreading on the Chinese social network "Sina Weibo". Sina Weibo is a Chinese microblog website, like a hybrid of Twitter and Facebook, that has more than 300 million registered users as of February 2012.
The attacker uses compromised accounts to spread phishing messages. The compromised accounts are set up to forward and comment every single microblog they are following. These forwarded messages also get posted on the account's own wall, so the same phishing message reaches both followees and followers. The phishing message is a notification that the user has won a prize, and a link redirects the user to a phishing site via a shortened URL.
Several phishing messages are used to spread the campaign. The templates have only minor wording differences and add a random tag after the shortened URL. The example of the phishing message shown above has been forwarded more than 3 million times, a number that is growing rapidly.
The phishing sites pretend to be award sites sponsored by SINA Corporation, the owner of Sina Weibo. Visitors are notified that in order to claim their valuable prize, the "winner" must pay a portion of the prize's tax. The "tax" is then paid to phisher. The sites also ask for personal information, such as name, portal address, and account number.
Internet users often register for multiple online accounts using the same information, including login credentials. In December 2011, a previous blog described a huge data breach in China, in which attackers easily reused leaked credentials to gain access and control of other accounts. Websense recommends that weibo users reset their login details if suspicious posts and content appear.
Websense customers are protected from these threats by ACE, our Advanced Classification Engine.