Major Twitter Exploit Underway

A new and ugly bug struck Twitter this morning, taking over users’ browsers with gigantic fonts and mysterious blocks of text holding a viral load that could send tweeters to porn websites. Brit Graham Cluley was one of the first out of the box with a detailed notice about the flaw:

The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop-up and third-party websites to open in your browser just by moving your mouse over a link. Thousands of Twitter accounts have posted messages exploiting the flaw. Victims include Sarah Brown, wife of the former British Prime Minister.

Mrs. Brown made an effort to warn others as the bug spread, but it still propagated itself rapidly across the microblogging site, often via mysterious blocks of text that looked like this:

[Image: screen cap of malicious code inserted in tweets]

Cluley notes that many Twitter users are merely pranking others with the code, but there is potential for “cybercriminals” to maliciously re-direct others to phishing sites or websites containing further bits of malicious code that could be used to exploit the user’s computer, providing access to passwords and other information. 

Twitterers have been advised to either stay off the site or use a third-party client like Tweetdeck until the issue is resolved. 

[Sophos.com]
