
Looks like Twitter was hacked

12:56 pm on Sep 21, 2010 (gmt 0)

Preferred Member

5+ Year Member

joined:June 14, 2006
posts:393
votes: 0

1:08 pm on Sept 21, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


Yes, I was just nailed by the mouseover hack/worm that's making its way around Twitter right now. It started auto-posting itself under my account so it could spread.

I just closed the browser window and switched to tweetdeck - then deleted all those stupid worm posts. Probably not a good idea to access Twitter directly for a while!

Gizmodo has some coverage, now

The exploit takes advantage of the Javascript function onMouseOver, enticing users with colorful blocks of text—"rainbow tweets"—and then retweeting those messages automatically when the block is moused over. In some cases the links launch pop up windows, in others users are being directed to spam and #*$! sites.

Third party apps are safe from the bug, but because the exploit spreads by users merely hovering over links, visiting the Twitter website right now almost guarantees that you'll inadvertently retweet one of the messages.

[gizmodo.com...]
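The Gizmodo description above boils down to tweet text being placed into HTML markup without encoding, so a quote character in the text can close an attribute and append an event handler. The following is an added example, not code from the thread or from Twitter, contrasting a raw-concatenation renderer with an escaped one and adding the "bare JavaScript instead of a message" heuristic from later in the thread; the function names, the `example.invalid` host and the `payload()` handler name are constructed for illustration.

```javascript
// Escape the five characters that can break out of an HTML attribute or text node.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  })[c]);
}

// Vulnerable pattern: raw concatenation means a tweet containing a double quote
// closes the href attribute and whatever follows becomes a new attribute.
function renderTweetLinkUnsafe(text) {
  return '<a href="' + text + '">' + text + '</a>';
}

// Hardened pattern: the href is accepted only if it parses as an http(s) URL
// (otherwise it becomes "#"), and every attribute value and text node is escaped,
// so a quote in the tweet can no longer terminate the attribute.
function renderTweetLinkSafe(text) {
  let href = '#';
  try {
    const u = new URL(text);
    if (u.protocol === 'http:' || u.protocol === 'https:') href = u.href;
  } catch (_) {
    // not a parseable URL: keep href as "#"
  }
  return '<a href="' + escapeHtml(href) + '">' + escapeHtml(text) + '</a>';
}

// Detection heuristic from the thread: worm tweets looked like bare JavaScript
// rather than a message. Flag text carrying an inline event-handler attribute
// or a javascript: URL so it can be quarantined before rendering.
function looksLikeMouseoverPayload(text) {
  return /\bon[a-z]+\s*=|javascript:/i.test(text);
}

// Does rendered markup contain a real event-handler attribute (on...="...")?
function hasEventHandlerAttribute(html) {
  return /\son[a-z]+\s*=\s*["']/i.test(html);
}

// Constructed sample tweet (not the real 2010 payload): the quote closes
// the href attribute and the rest lands in the tag as an onmouseover handler.
const SAMPLE_TWEET = 'http://example.invalid/" onmouseover="payload()';
```

With the unsafe renderer the sample lands in the tag as a live handler; with the safe renderer the same text is inert and the heuristic flags it before it is ever rendered.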
1:38 pm on Sept 21, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3492
votes: 3


I think, but am not sure, my wife got this bug last week. I am not sure what she had, but from a detailed discussion with her I really could never nail down the place she got it.
She was on Yahoo Mail and we were IM talking when it hit her. You know the security warning popup, so she didn't click anything but cut the computer off as I had instructed her. She still got the bug, and a bad one at that. The only sites that were open at the time of the attack were Yahoo email, FB, and Yahoo IM.
I was able to do an install of Malwarebytes to get the trojans pulled. She had 5 trojans installed on the computer.
Took me 2 1/2 hours to get the computer cleaned up; disabled AVG and Internet Explorer. I had to uninstall AVG and do a clean install to get everything back to working. Whatever it was was a really tough one to get off.
1:45 pm on Sept 21, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


As far as I know, this particular worm is only active on twitter.com - and although it could redirect you to a malware site, I've seen no reports of that.

TechCrunch has just produced a five point program to deal with the mouseover worm:

1. Don’t use the Twitter web site, especially the older version.

2. Use a desktop application like Tweetdeck, Seesmic or similar. Although the affected tweets do appear in your stream, they will not produce the same mouseover effect.

3. Use the Twitter mobile site, which appears to be unaffected.

4. Delete the affected tweets by avoiding the main web site and logging in to the mobile site instead. Then delete the forced Retweet. Delete any tweets so that the worm does not spread to your friends and followers.

5. Change your password just in case.

[eu.techcrunch.com...]
1:48 pm on Sept 21, 2010 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member netmeg is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 30, 2005
posts:12671
votes: 141


Only a matter of time.
1:52 pm on Sept 21, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


News from Twitter about their problem:

We've identified and are patching a XSS attack; as always, please message @safety if you have info regarding such an exploit.

We expect the patch to be fully rolled out shortly and will update again.

[status.twitter.com...]
1:59 pm on Sept 21, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member billys is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:June 1, 2004
posts:3181
votes: 0


This is one of the big benefits of WebmasterWorld - getting news like this so quickly. I'm staying away from Twitter until the all clear.
2:07 pm on Sept 21, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


According to Mashable, Twitter has now sounded the "all clear"

Update (10:00 a.m. ET): A spokesperson for Twitter tells us "This should now be fully patched and is no longer exploitable."

[mashable.com...]

Maybe, but they've definitely made me gun-shy about using Twitter.com through a browser. Third party apps have their own issues, too. Ah well, whatchgonnado?
2:45 pm on Sept 21, 2010 (gmt 0)

Preferred Member

5+ Year Member

joined:Nov 29, 2007
posts: 385
votes: 0


Would Firefox with the NoScript plugin protect the user, or would Twitter simply not work with the plugin enabled?
2:54 pm on Sept 21, 2010 (gmt 0)

Preferred Member

5+ Year Member

joined:June 14, 2006
posts:393
votes: 0


Has anybody tried twitter.com via the web yet?
3:26 pm on Sept 21, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:May 26, 2000
posts:37301
votes: 0


I have. It looks like there are no mouseover tweets around, and they're easy to spot because they are bare JavaScript instead of a message. It's just that hover activates them instead of a click - that's the real nuisance factor.
3:28 pm on Sept 21, 2010 (gmt 0)

Preferred Member

5+ Year Member

joined:June 14, 2006
posts:393
votes: 0


Thanks, tedster
4:12 pm on Sept 21, 2010 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:22282
votes: 236


Twitter confirmed the XSS Attack is fully patched.
4:20 pm on Sept 21, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 23, 2002
posts:659
votes: 0


Would Firefox with the NoScript plugin protect the user


NoScript has XSS protection.
4:41 pm on Sept 21, 2010 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:22282
votes: 236


For those that want to know more...
The Twitter hack: how it started and how it worked [guardian.co.uk]
A Japanese developer was the first to notice the weakness in Twitter's site and says he reported it as far back as mid-August. He put up a demonstration - and then the exploits flourished. The original discovery of the weakness, known as a "cross-site scripting" (XSS) hack, seems to have been made by a Japanese developer called Masato Kinugawa. He says that he reported an XSS vulnerability to Twitter on August 14 - and then discovered that the "new" Twitter, launched on Tuesday 14 September, had the same problem.
5:58 pm on Sept 21, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member

joined:May 6, 2008
posts:2011
votes: 0


The real solution is to stop using Twitter forever.
8:16 pm on Sept 21, 2010 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:5801
votes: 64


So much for the superiority of OAuth
12:03 am on Sept 22, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member sgt_kickaxe is a WebmasterWorld Top Contributor of All Time 5+ Year Member

joined:Apr 14, 2010
posts:3169
votes: 0


You can still visit the twitter site to read messages, just don't log in. You can't re-tweet when logged out.
12:28 am on Sept 22, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 4, 2002
posts: 1687
votes: 0


My sympathies, Tedster, but you should really consider being more careful about allowing scripts to run on your browser, unless there's a true need for a particular site, and you trust it completely. It's like leaving your doors and windows wide open in the centre of town. Hard to complain about being robbed afterwards.
7:06 am on Sept 22, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 8, 2009
posts:95
votes: 0


Islamic Republic of Iran hacked it like in the past ...
3:08 pm on Sept 22, 2010 (gmt 0)

Moderator from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
posts:4059
votes: 0


Then within a few minutes he saw that it had started spreading virally. "holy #*$!. I think this is exponential: "3381 more results since you started searching," he said - adding, a few minutes later "This is scary."


Very reminiscent of the famous "Samy" worm that hit MySpace a few years back. This is what happens when someone with XSS skillz and a low threshold for risk assessment ponders, "I wonder what will happen if I throw this wrench into that big fast-moving machine that doesn't belong to me?"

I wonder if there will be any legal repercussions for the kiddies who did it.
5:28 am on Sept 23, 2010 (gmt 0)

Moderator from AU 

WebmasterWorld Administrator anallawalla is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 3, 2003
posts:3701
votes: 3


"Melbourne teenager becomes the terror of Twitter" [theage.com.au...]
11:53 am on Sept 24, 2010 (gmt 0)

Moderator from CA 

WebmasterWorld Administrator httpwebwitch is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 29, 2003
posts:4059
votes: 0


He said it was Twitter's responsibility, not his, to keep the site secure.


A juvenile understanding of ethics & law. Now that I have read a little about the people who exploited the vulnerability, I hope there are charges laid and convictions made.