Monday, September 27, 2010

Twitter Hit with Second Worm in a Week, Spread Via 'WTF' Link



Days after a site update unleashed a Twitter cross-scripting attack, the micro-blogging site was again hit with a bug that spread via questionable links.
"A malicious link is making the rounds that will post a tweet to your account when clicked on," Twitter wrote on its status blogSunday afternoon.
The offending messages appeared on a user's Twitter feed with "WTF:" followed by a link. If you clicked on that link, you were taken to a blank page, but behind the scenes, the worm would post vulgar messages on your account that discussed, well, sex involving goats.
"Clicking on the WTF link would take you to a webpage which contained some trivial code which used a CSRF (cross-site request forgery) technique to automatically post from the visitor's Twitter account," according to a blog post from Sophos's Graham Cluley. "All the user sees if they visit the link is a blank page, but behind the scenes it has sent messages to Twitter to post from your account."
The message did not spread if you were not signed into your Twitter account at the time. Cluley suggested the attack spread so quickly because people were eager to find out what might warrant a "WTF" label.
Twitter said Sunday evening that it had fixed the exploit and was in the process of removing the offending tweets, but Cluley said that attack "highlighted an obvious security problem in Twitter which must be addressed as a matter of urgency - otherwise we can expect further (perhaps more dangerous) attacks."
Source: pcworld.com
Posted by at

29 comments:

  1. richieSeptember 27, 2010 at 3:26 PM

    Heard about that, crazy to think that such a big site would still have huge flaws like that.
    but then again, i don't use twitter, so...

    ReplyDelete
  2. NinjaZombieSeptember 27, 2010 at 3:27 PM

    Oh yea? Another virus?

    ReplyDelete
  3. nuttinbutapeanutSeptember 27, 2010 at 3:43 PM

    Oh come on, that's not good...

    ReplyDelete
  4. XvSeptember 27, 2010 at 3:55 PM

    so glad i dont use twitter :P

    ReplyDelete
  5. DyldogSeptember 27, 2010 at 3:56 PM

    i dont even use twitter anyways :{


    neat blog man, follow me back!

    ReplyDelete
  6. RawrSeptember 27, 2010 at 4:09 PM

    following you :D

    ReplyDelete
  7. sambo57September 27, 2010 at 4:14 PM

    haha pretty cool
    glad i only use twitter for this
    thx for the comment
    followd!

    ReplyDelete
  8. JemzSeptember 27, 2010 at 4:22 PM

    Twitter? again?
    I hope they will be able to strengthen their security, because twice in a row, that is a bit much...

    F/S!

    ReplyDelete
  9. AnonymousSeptember 27, 2010 at 4:25 PM

    thats turible

    if your a poker player follow my blog :)

    ReplyDelete
  10. joanna.elherroSeptember 27, 2010 at 4:29 PM

    nothing is safe it seems.

    ReplyDelete
  11. problem.questionSeptember 27, 2010 at 6:13 PM

    good thing i dont use twitter

    ReplyDelete
  12. Dr. CoolMoneySeptember 27, 2010 at 6:22 PM

    I love how newspapers call this the "Twitter virus", when it's just an XSS hole.

    It's not like it's going to ruin your computer, it might confuse some of your followers though xD

    ReplyDelete
  13. Deecee1988September 27, 2010 at 6:38 PM

    This is why I'm glad I don't use twitter, it's so stupid! Anyways. Cool blog man. Check mine out and follow back if you like it.

    thatguy00.blogspot.com

    ReplyDelete
  14. surrealmethodSeptember 27, 2010 at 6:40 PM

    Thanks for the heads up. I'll spread the word to avoid twitter.

    ReplyDelete
  15. CrammarcSeptember 27, 2010 at 6:53 PM

    will this be the end of twitter, the world can only hope

    ReplyDelete
  16. HolysteriniSeptember 27, 2010 at 7:26 PM

    follow back.

    http://electronpsy.blogspot.com/

    ReplyDelete
  17. Bismuth CastleSeptember 27, 2010 at 7:29 PM

    It's scary how one security flaw on a website can affect millions of people.

    ReplyDelete
  18. AnonymousSeptember 27, 2010 at 7:36 PM

    Haha..that's kind of funny. Well actually not to the innocence victims like Grandma.

    ReplyDelete
  19. AnonymousSeptember 27, 2010 at 7:49 PM

    Stupid worms ruining my twitter.

    ReplyDelete
  20. MattSeptember 27, 2010 at 10:20 PM

    Yay even more Twitter problems.

    ReplyDelete
  21. AnonymousSeptember 27, 2010 at 10:27 PM

    classic twitter, they need to check there security more often and better

    ReplyDelete
  22. XIIISeptember 27, 2010 at 10:27 PM

    lol, i love it when social networking sites get owned. people keep blowing em way outa proportions.

    ReplyDelete
  23. sparky12September 27, 2010 at 11:19 PM

    Jesus, another one? You would think they would somehow strengthen their security...

    ReplyDelete
  24. Johnny CoolfaceSeptember 27, 2010 at 11:32 PM

    Added benefit of not using social networking sites, don't have to worry about them being the prime target for exploiters.

    ReplyDelete
  25. Tam SmithSeptember 27, 2010 at 11:36 PM

    Shit's crazy!

    ReplyDelete
  26. HotsaucerSeptember 27, 2010 at 11:45 PM

    I'm glad I don't use Twitter!

    ReplyDelete
  27. West0o3September 28, 2010 at 12:25 AM

    I dont like twitter haha

    ReplyDelete
  28. 3milelimitSeptember 28, 2010 at 9:53 AM

    Grr thats annoying

    ReplyDelete
  29. 5fdpmayhemSeptember 30, 2010 at 12:54 AM

    i would have loved to see that xD

    ReplyDelete

Subscribe to: Post Comments (Atom)