We Heart It Network Turned off Twitter Sharing after Diet Spam Attacks; Bitdefender Offers Security Advice

The image sharing social network We Heart It has turned off Twitter sharing after a large diet spam wave that referenced its services. The attack allegedly began several days ago in Australia.

“We’ve temporarily disabled sign-in and sharing via Twitter while we look into an issue,” We Heart It wrote on Twitter. “Please sign-in via email in the meantime.”

Users complained the email sign in wasn’t working either. In the meantime, the social network also had issues with the web site, which was temporarily offline.

Spam messages posted on the micro-blogging platform included a bit.ly shortened URL and the phrase “If I didn’t try this my life wouldn’t have changed.”

The link lures users to a fake website promoting miracle diet pills with the help of Dr.Oz videos. Bitdefender has blocked the website for fraudulent activity. Initial media reports suggested the links were malicious and hid a worm that gathered a large number of Twitter credentials and accounts over a short time.

The web site was also identified by bitly as potentially problematic.

“The link you requested may contain inappropriate content, or even spam or malicious code that could be downloaded to your computer without your consent, or may be a forgery or imitation of another website, designed to trick users into sharing personal or financial information,” the URL-shortening service said.

“This could be because a bitly user has reported a problem, a black-list service reported a problem, because the link has been shortened more than once, or because we have detected potentially malicious content.”

Security expert and HotForSecurity guest writer Graham Cluley also analyzed the spam wave and its unusual twist.

“But, and it’s a big but, what happens if your We Heart It account gets compromised in some way, and it begins to “heart” links which point to a webpage designed to promote Garcinia Cambogia “miracle diet pills?”,Graham Cluley wrote in a detailed blog post. “Then you’e got spammy messages appearing on Twitter. And what happens if *many* We Heart It users suffer the same problem with their accounts? Then you have a massive amount of spam appearing on Twitter.”

We Heart It enabled sharing with Twitter in January. The images that users “heart” because they were “moved” by them are automatically posted on their Twitter account.

PC World tried to contact the micro-blogging network, but received no immediate comment.

Here are some security tips and tricks from antivirus software company Bitdefender:

• Users are advised to preemptively change their We Heart It passwords and be cautious with the images they “heart” and autopost to their Twitter account.
• Don’t click suspicious links spreading on Twitter with messages that are obviously exaggerated. “If I didn’t try this my life wouldn’t have changed” allegedly coming from We Heart It is one such example.
• Use the Login verification system on Twitter to make sure you are the only one accessing your account. The verification code on your phone will only allow you or someone with access to your phone and your password into your account.
• Install and update your antivirus solution, as it will protect you from malware, scams and spam when surfing the Internet or sharing pictures and information on social networks.