X-Labs
May 23, 2011

OMG CNN Confirmed Osama Is Alive - Scam spreads on Twitter

Carl Leonard Principal Security Analyst

If you are seeing these tweets from Twitter users right now, you may be misled into thinking that U.S. news organization CNN has revealed that Osama bin Laden is alive.

The tweets lead to a phishing page. Websense customers are protected from this scam by ACE, our Advanced Classification Engine.

Tweets are being posted by users right now at the rate of several hundred tweets per second and include:

   omgg osama is alive!!! cnn confirmed that he's still out there :((

   I cant BELIEVE osama is still alive - CNN confirmed he around stillll :O

   OMG CNN confirmed that they found Osama alive still ! ! !

Tweets lead to a bit.ly redirector that takes the user to a convincing phish page designed to harvest the user's Twitter account credentials.

[Screenshot of the phish page]

A user who enters credentials is then taken to a YouTube video related to the topic of the scam, a CNN video discussing the news "'Osama is alive' say protestors."

The redirection chain is thus: hxxp://bit.ly/m[removed]Y  -> hxxp://twitter.[removed] .ru/relogin.php -> hxxp://www.youtube.com/watch?v=Ga[removed]Mg
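
As an added example (not part of the original post or of Websense's tooling), the following Python code scans a resolved redirect chain like the one above for a hop whose hostname carries the Twitter brand without being under twitter.com. The allow-list, the login-path hints and the sample chain with its placeholder hostnames are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the brand's legitimate registrable domains (not from the original post).
BRAND_DOMAINS = {"twitter": {"twitter.com"}}
# Assumption: path fragments that suggest a credential prompt.
LOGIN_HINTS = ("login", "signin", "session")


def refang(url: str) -> str:
    """Turn a defanged indicator (hxxp://, [.]) back into a parseable URL."""
    return url.strip().replace("hxxp", "http", 1).replace("[.]", ".")


def is_under(host: str, domain: str) -> bool:
    """True if host is the domain itself or a subdomain of it (dot-bounded)."""
    return host == domain or host.endswith("." + domain)


def lookalike_hops(chain):
    """Return (index, host, brand, login_like) for each hop whose hostname
    carries a brand name but is not under that brand's own domain."""
    findings = []
    for i, raw in enumerate(chain):
        parts = urlsplit(refang(raw))
        host = (parts.hostname or "").rstrip(".")
        for brand, legit in BRAND_DOMAINS.items():
            if any(is_under(host, d) for d in legit):
                continue  # genuinely on the brand's domain
            # Brand used as a label or inside one, e.g. twitter.<other domain>.
            if any(brand in label for label in host.split(".")):
                login_like = any(h in parts.path.lower() for h in LOGIN_HINTS)
                findings.append((i, host, brand, login_like))
    return findings


# Constructed sample chain: hostnames and IDs are placeholders, not the
# redacted values from the post.
SAMPLE_CHAIN = [
    "hxxp://bit.ly/PLACEHOLDER",
    "hxxp://twitter.placeholder-domain.example/relogin.php",
    "hxxp://www.youtube.com/watch?v=PLACEHOLDER",
]

if __name__ == "__main__":
    for idx, host, brand, login_like in lookalike_hops(SAMPLE_CHAIN):
        print(f"hop {idx}: {host} imitates {brand}; login-like path: {login_like}")
```

The substring match is a heuristic and will also flag unrelated names that happen to contain the brand string, so findings are leads for review rather than verdicts.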

 

Twitter trend-tracking service Trendistic recorded this scam as accounting for 1% of the volume of all tweets some 8 hours ago. The current rate of tweets is around 200 per minute, so the phishing page could be successfully harvesting Twitter account credentials and then tweeting on the account holders' behalf, thereby spreading the phishing links.

When Osama bin Laden's death was announced, we saw Facebook status updates offering a video of the events. Malware authors often use news events to entice and trick users into performing actions such as following website links.

Websense Security Labs advises Twitter users who believe they may have fallen for this scam to change their passwords immediately and to check their Twitter feeds for postings related to this scam topic.
