homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Social Media / Twitter
Forum Library, Charter, Moderators: rumbas

Twitter Forum

Looks like Twitter was hacked

 12:56 pm on Sep 21, 2010 (gmt 0)




 1:08 pm on Sep 21, 2010 (gmt 0)

Yes, I was just nailed by the mouseover hack/worm that's making it's way around twitter right now. It started auto-posting itself under my account so it could spread.

I just closed the browser window and switched to tweetdeck - then deleted all those stupid worm posts. Probably not a good idea to access Twitter directly for a while!

Gizmodo has some coverage, now

The exploit takes advantage of the Javascript function onMouseOver, enticing users with colorful blocks of text—"rainbow tweets"—and then retweeting those messages automatically when the block is moused over. In some cases the links launch pop up windows, in others users are being directed to spam and #*$! sites.

Third party apps are safe from the bug, but because the exploit spreads by users merely hovering over links, visiting the Twitter website right now almost guarantees that you'll inadvertently retweet one of the messages.



 1:38 pm on Sep 21, 2010 (gmt 0)

I think but not sure my wife got this bug last week. I am not sure what she had but from a detailed discussion with her I really could never nail down the place she got it.
She was on Yahoo Mail and we were IM talking when it hit her. You know the security warning popup up so she didn't click anything but cut the computer off as I had instructed her. She still got the bug and a bad one at that. The only sites that were open at the time of the attack were yahoo email, FB, and Yahoo IM.
I was able to do an install of malwarebits to get the trojans pulled. She had 5 trojans installed on the computer.
Took me 2 1/2 hours to get the computer cleaned up disabled AVG and Internet exployer. I had to uninstall AVG and do a clean install to get everthing back to working. Whatever it was was a really tough one to get off.


 1:45 pm on Sep 21, 2010 (gmt 0)

As far as I know, this particular worm is only active on twitter.com - and although it could redirect you to a malware site, I've seen no reports of that.

TechCrunch has just produced a five point program to deal with the mouseover worm:

1. Don’t use the Twitter web site, especially the older version.

2. Use a desktop application like Tweetdeck, Seesmic or similar. Although the affected tweets do appear in your stream, they will not produce the same mouseover effect.

3. Use the Twitter mobile site, which appears to be unaffected.

4. Delete the affected tweets by avoiding the main web site and logg-in to the mobile site instead. Then delete the forced Retweet. Delete any tweets so that the worm does not spread to your friends and followers.

5. Change your password just in case.



 1:48 pm on Sep 21, 2010 (gmt 0)

Only a matter of time.


 1:52 pm on Sep 21, 2010 (gmt 0)

News from Twitter about their problem:

We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit.

We expect the patch to be fully rolled out shortly and will update again.



 1:59 pm on Sep 21, 2010 (gmt 0)

This is one of the big benefits of WebmasterWorld - getting news like this so quickly. I'm staying away from Twitter until the all clear.


 2:07 pm on Sep 21, 2010 (gmt 0)

According to Mashable, Twitter has now sounded the "all clear"

Update (10:00 a.m. ET): A spokesperson for Twitter tells us "This should now be fully patched and is no longer exploitable."


Maybe, but they've definitely made me gun-shy about using Twitter.com through a browser. Third party apps have their own issues, too. Ah well, whatchgonnado?


 2:45 pm on Sep 21, 2010 (gmt 0)

Would Firefox with the NoScript plugin protect the user - or would Twitter simply not work with the plugin enabled.


 2:54 pm on Sep 21, 2010 (gmt 0)

Has anybody tried twitter.com via the web yet?


 3:26 pm on Sep 21, 2010 (gmt 0)

I have. It looks like there are no mouseover tweets around, and they're easy to spot because they are bare javascript instead of a message. It's just that hover activates them instead of a click -that's the real nuisance factor.


 3:28 pm on Sep 21, 2010 (gmt 0)

Thanks, tedster


 4:12 pm on Sep 21, 2010 (gmt 0)

Twitter confirmed the XSS Attack is fully patched.


 4:20 pm on Sep 21, 2010 (gmt 0)

Would Firefox with the NoScript plugin protect the user

NoScript has XSS protection.


 4:41 pm on Sep 21, 2010 (gmt 0)

For those that want to know more...
The Twitter hack: how it started and how it worked [guardian.co.uk]
A Japanese developer was the first to notice the weakness in Twitter's site and says he reported it as far back as mid-August. He put up a demonstration - and then the exploits flourished.The original discovery of the weakness, known as a "cross-site scripting" (XSS) hack, seems to have been made by a Japanese developer called Masato Kinugawa. He says that he reported an XSS vulnerability to Twitter on August 14 - and then discovered that the "new" Twitter, launched on Tuesday 14 September, had the same problem.


 5:58 pm on Sep 21, 2010 (gmt 0)

The real solution is to stop using Twitter forever.


 8:16 pm on Sep 21, 2010 (gmt 0)

So much for the superiority of OAuth


 12:03 am on Sep 22, 2010 (gmt 0)

You can still visit the twitter site to read messages, just don't log in. You can't re-tweet when logged out.


 12:28 am on Sep 22, 2010 (gmt 0)

My sympathies, Tedster, but you should really consider being more careful about allowing scripts to run on your browser, unless there's a true need for a particular site, and you trust it completely. It's like leaving your doors and windows wide open in the centre of town. Hard to complain about being robbed afterwards.


 7:06 am on Sep 22, 2010 (gmt 0)

Islamic Republic of iran hacked it like past ...


 3:08 pm on Sep 22, 2010 (gmt 0)

Then within a few minutes he saw that it had started spreading virally. "holy #*$!. I think this is exponential: "3381 more results since you started searching," he said - adding, a few minutes later "This is scary."

Very reminiscent of the famous "Samy" worm that hit MySpace a few years back. This is what happens when someone with XSS skillz and a low threshold for risk assessment ponders, "I wonder what will happen if I throw this wrench into that big fast-moving machine that doesn't belong to me?"

I wonder if there will be any legal repercussions for the kiddies who did it.


 5:28 am on Sep 23, 2010 (gmt 0)

"Melbourne teenager becomes the terror of Twitter" [theage.com.au...]


 11:53 am on Sep 24, 2010 (gmt 0)

He said it was Twitter's responsibility, not his, to keep the site secure.

A juvenile understanding of ethics & law. Now that I have read a little about the people who exploited the vulnerability, I hope there are charges laid and convictions made.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Social Media / Twitter
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved