Sophos warns that there is a fairly egregious worm currently spreading across the Twitter network that masquerades as a YouTube link for a “banned” Lady Gaga video.
The tweets are being posted by rogue applications that users are allowing to access their profiles in the belief that they will get to view a prohibited video of Lady Gaga. When you click on the bit.ly link, it sends you to a fake YouTube page and then asks for permission to access your Twitter account. This results in another infected tweet being sent out on your Tweet stream, thereby continuing the long cycle.
Sophos notes that even the Gaga herself is quite upset:
This is after her own Twitter stream began sending out the infected Tweets including one mentioning Shakira. It seems most of the Tweets are in Spanish so it may reduce the virality of the worm in English-speaking countries but it’s an interesting attack vector nonetheless — and you can be positive someone will try this trick again in multiple languages. Just remind your relatives not to give out their Twitter credentials to random websites.
If you were unfortunate enough to grant a rogue application access to your Twitter account, revoke its rights immediately: go to the Twitter website, visit Settings/Connections, and revoke the offending app’s rights.
[Source: Sophos Blog]