You might be wondering why the front page of Twitter has a big “Edit” line running through it in the screenshot below:

[Screenshot: twiteditthis1]

The answer, of course, is that this is not the real Twitter page at all. It’s part of an increasingly popular kit used for shenanigans:

[Screenshot: twiteditthis2]

The scammer downloads the zip, edits the links in the .htm file and places something likely to catch the attention of an end-user underneath the “Edit” line. The fact that the fake content is sitting directly underneath the “New Twitter” promotional text is not a coincidence.

[Screenshot: twiteditthis3]

_“Hey look, semi-naked ladies are part of the new Twitter experience! Yay! Oh wait, I have to run some sort of Sun Java update…and now my computer is sending Viagra spam to my mother.”_

Top tip: if you happen to see semi-naked ladies posing under the yellow “Sign up” button on the Twitter homepage, you’re on a scam site. If the Twitter homepage starts popping boxes asking you to install Java security updates, or grab an Adobe Flash executable, or files with “pwned” in the title – you’re on a scam site.

The “new Twitter experience” may be full of shiny, blinky things but infection files aren’t supposed to be part of the deal. On the bright side, all the fake pages we’ve seen so far make no attempt to disguise the fact they’re sitting on free hosting services. This obviously means that they don’t look a bit like the genuine Twitter.com URL. I’m sure it won’t stay like that forever though, so be wary of potential typosquatting, because this technique combined with an “almost but not quite” domain name could reel in quite a few victims…
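
The URL check described above can be automated in a mail or proxy filter. The following is an added example, not part of the original post: it sorts a URL's hostname into genuine, "almost but not quite" (typosquat) or brand-name-on-someone-else's-host. The sample URLs are constructed, and taking the last two labels as the registered domain is a simplifying assumption (a production filter would use the public suffix list).

```python
from urllib.parse import urlsplit

GENUINE = "twitter.com"  # the real domain named in the post


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    # Assumption: the last two labels are the registered domain.
    return ".".join(host.split(".")[-2:])


def classify(url: str) -> str:
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host == GENUINE or host.endswith("." + GENUINE):
        return "genuine"
    # One or two character edits away from the real domain.
    if 0 < edit_distance(registered_domain(host), GENUINE) <= 2:
        return "typosquat"
    # Brand name used as a label on an unrelated (e.g. free hosting) domain.
    if "twitter" in host:
        return "brand-on-foreign-host"
    return "unrelated"


# Constructed sample URLs, for illustration only.
SAMPLES = [
    "https://twitter.com/login",
    "http://twitter-new.freehost.example/index.htm",
    "http://twiitter.com/",
    "http://twitter.com.login.example/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):22} {u}")
```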