Nasty Twitter Worm Outbreak

Several new Internet worms are spreading quite rapidly via a newly-found vulnerability in While the flaw that powers these attackers will most likely be sewn shut in a matter of hours, if you’re going to frequent Twitter today you’d be wise to use a Twitter client or at least block Javascript on the site, as these worms appear to be spreading with little or no interaction on the part of users.

According to security firm F-Secure Corp., the trouble started earlier today, when several worms began quickly spreading by leveraging a cross-site scripting vulnerability in Twitter that used “onmouseover” techniques, meaning it was enough to move your computer mouse on top of a malicious Tweet to resend the nasty message to all of your followers.

The initial worms apparently began as a proof-of-concept, but a number of new Tweets in the Twitter trending topics page indicate that newer versions are silently redirecting victim PCs to fetch more malicious payloads.

Until this mess gets cleaned up, F-Secure is warning Twitter users to use a Twitter client like TweetDeck to access Twitter instead of using, or to disable Javascript on the domain (always a sound idea). Several readers have pointed out another solution: Use mobile twitter (, which has no Javascript. Alternatively, just stay logged out of Twitter for the next few hours.

The Twitter user who reportedly discovered the vulnerability — programmer Magnus Holm — remarked on his Twitter feed that in hindsight he probably should have reported the flaw to Twitter, “but when I discovered it, it had already been in the wild for some time, so I assumed they knew it. I’m not responsible for the tweets that blocks the whole screen and retweet. my worm was much less obtrusive.”

Update, 10:05 a.m. ET: I’m reminded now of why I generally don’t write about the Twitter/Facebook malware threats-of-the-day: Because they’re usually no longer a threat by the time you write a blog post about them! Twitter is now reporting that it has fixed the vulnerability.

Update, 1:31 p.m. ET: Twitter’s security chief Bob Lord now has a blog post describing what happened with this worm. Lord writes: “This exploit affected and did not impact our mobile web site or our mobile applications. The vast majority of exploits related to this incident fell under the prank or promotional categories. Users may still see strange retweets in their timelines caused by the exploit. However, we are not aware of any issues related to it that would cause harm to computers or their accounts. And, there is no need to change passwords because user account information was not compromised through this exploit.” More here.

Оставьте комментарий