Down East 2013 ©
A malicious piece of software has infected a number of Twitter profiles of political players and journalists in Maine.
The worm operates by infecting one account, then sending direct messages to others who are following that profile. If a user clicks on the link in the message, they're taken to a page on the domain "tivvitter.com" (with two "v"s replacing the usual "w" in the name) and asked to log in to their account.
If they follow the instructions, they've given up their login and password information to the worm, which spreads by sending more messages to those accounts' followers and eventually begins sending spam advertisements from the account.
The spread of the worm seems to have been identified and stopped by Twitter, and the malicious domain no longer resolves to the login form. The authors of the malicious software, however, still likely have login information for those accounts.
If those infected also used the same passwords for email accounts or other places on the internet, those services may be vulnerable as well.
The worm was launched at the Twitter userbase as a whole , but it seems to have been especially virulent within the online community following political developments in Maine. Perhaps this is because the message the worm uses ("You seen what this person is saying about you? [link] terrible things..") may be particularly intriguing to political and media professionals who are monitoring their online reputations.
Some of the infected include, according to direct messages sent to my own Twitter account, Maine House Assistant Minority Leader Terry Hayes, current and former LePage spokespeople Adrienne Bennett and Dan Demeritt, Bangor Daily News editor Susan Young and Press Herald editorial writer Greg Kesich.