
JavaScript Exploit on Twitter

Created: 21 Sep 2010

Posted on behalf of Mathew Nisbet, Malware Data Analyst

Today there has been a lot of traffic on Twitter related to a very recently discovered JavaScript exploit. It took advantage of the way Twitter handled JavaScript in updates. Most of the exploits seen used the "onmouseover" trigger, which meant that all a user had to do was move the mouse over a tweet and the code would run. Most would just repost the same thing to the user's own wall; some would repost and redirect the user to another site. There were some examples of users being redirected towards porn sites. Because it needed only a cursor moving over a tweet, it spread very rapidly all over the world, before people knew what was happening.
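As an added illustration (not code from this post or from Twitter), the sketch below shows the general class of flaw described above: update text placed into a page without output encoding lets an inline event attribute such as "onmouseover" survive as live markup, while encoded output turns it into inert text. The function names and the sample update are assumptions constructed for the example; the post does not describe Twitter's actual rendering code.

```javascript
// Added illustration; renderUnsafe, renderSafe, escapeHtml and hasInlineHandler
// are hypothetical names, not Twitter's code.

// Vulnerable pattern: update text is concatenated into HTML as-is.
function renderUnsafe(text) {
  return '<p class="tweet">' + text + '</p>';
}

// Encode every character that can open a tag or close an attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: the update is encoded before it reaches the page.
function renderSafe(text) {
  return '<p class="tweet">' + escapeHtml(text) + '</p>';
}

// Check for rendered output: does any real tag carry an on* event attribute?
function hasInlineHandler(html) {
  return /<[^>]*\son[a-z]+\s*=/i.test(html);
}

// Constructed sample update with a harmless handler body.
const sampleUpdate = 'hover here <a href="#" onmouseover="void 0">link</a>';

console.log(hasInlineHandler(renderUnsafe(sampleUpdate))); // handler reaches the page
console.log(hasInlineHandler(renderSafe(sampleUpdate)));   // handler is plain text
console.log(renderSafe(sampleUpdate));
```

The same check can be run in a regression test over rendered pages, so that user-supplied text is never able to contribute an event attribute to a real tag.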

More info and screenshots can be found in this F-Secure blog:
http://www.f-secure.com/weblog/archives/00002034.html

Users of the MessageLabs Hosted Web Security Service would have been protected from any malicious sites that were opened by redirecting code, but there was no way to stop the code from re-posting itself. At the time of writing, Twitter appeared to have fixed the flaw, so users should be safe. Those who are still concerned can disable JavaScript in their browser, or use a client program (such as a smartphone app) to access Twitter, as these are not affected by the exploit.