It seems hundreds of Twitter accounts have started to Tweet out “weight loss” product spam today.

Specifically, users who have had their accounts hijacked are Tweeting the message “I lost 20 lbs in 2 weeks!” and links to diet sites. Our source counts over 200 rogue tweets so far tonight.

It’s not just new users getting caught out: famous tech pundit John C. Dvorak (@therealdvorak) got caught up in the attack, and was none too pleased.

At this point we’re unsure of the cause: access could have been gained through previous phishing schemes. However, one factor points to a likely suspect: all the Tweets are posted via “API”, meaning the spammers do not have direct access to the accounts. Rather, there’s likely some third-party application that’s been compromised (or a rogue one permitted by the users) that’s pushing spam Tweets.

Suffice it to say: if your friends start tweeting links to diet sites tonight, don’t click the links!

We’ll let you know when we learn more.

Thanks to Ike Pigott for the heads up.

UPDATE: The Sophos blog has written about the attacks too.
