by Jason Ding, Research Scientist
It is not rare for general Internet users to have their online accounts spammed, compromised or hacked because they know little about the dangers of the Web.
However, network security professionals should at least have enough knowledge, and take strong enough precautions, to protect their own online accounts before helping others or hosting hacking events.
Unfortunately, this is not always true. Check this live example: TakeDownCon, “a technical security conference series fundamentally developed to focus on only ONE information security domain per event” – just had its Twitter account @TakeDownCon compromised. The account sent direct messages to its followers and posted spam tweets on its own timeline.
The phishing website's domain, itvvitier[.]com, is newly registered: it has been registered to an address in Shanghai, China, since April 23, 2012.
Anyone who received these messages should ignore and delete them immediately. As always, do not click any links in your emails or messages if you are not 100% sure of their origin or intent. And always carefully check the URL in your browser’s address bar whenever you log in to a website.
UPDATE: As of this morning, Apr 26, 2012, 8 AM EST, @TakeDownCon has removed the spam tweets from its page and the phishing website itvvitier[.]com is down.
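The advice above to check the URL before logging in can also be automated at a mail or message filter. The following is an added example, not code from the original post: it flags hostnames that visually imitate a protected login domain, assuming itvvitier[.]com was meant to be read as twitter.com (which the post implies but does not state). The `PROTECTED` list, the substitution table and the distance threshold are illustrative assumptions.

```python
# Added example: flag hostnames that imitate a protected login domain.
# PROTECTED, LOOKALIKES and the threshold are assumptions chosen for illustration.
PROTECTED = {"twitter.com"}  # domains users expect to log in to (assumed list)
# Character sequences that visually pass for another letter (assumed table).
LOOKALIKES = (("vv", "w"), ("rn", "m"), ("0", "o"), ("1", "l"))


def normalize(host: str) -> str:
    """Turn a defanged indicator such as itvvitier[.]com back into a hostname."""
    return host.replace("[.]", ".").strip().lower().rstrip(".")


def skeleton(label: str) -> str:
    """Collapse look-alike sequences so 'tvvitter' and 'twitter' compare equal."""
    for fake, real in LOOKALIKES:
        label = label.replace(fake, real)
    return label


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_host(host: str, max_distance: int = 2):
    """Return (verdict, domain); verdict is 'trusted', 'lookalike' or 'unknown'."""
    host = normalize(host)
    for good in PROTECTED:
        if host == good or host.endswith("." + good):
            return "trusted", good
    # Naive registrable label: second-to-last label (no public-suffix handling).
    parts = host.split(".")
    label = parts[-2] if len(parts) >= 2 else parts[0]
    for good in PROTECTED:
        brand = good.split(".")[0]
        if edit_distance(skeleton(label), skeleton(brand)) <= max_distance:
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    for h in ("itvvitier[.]com", "twitter.com", "mobile.twitter.com", "example.org"):
        print(h, check_host(h))
```

A production filter would take the registrable domain from the Public Suffix List and use a fuller confusables table; a distance threshold of 2 is tuned to this one sample and will need adjusting for short brand names.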