XSSing the line
After a short while the attacks started to pick up. Some people used the script to automatically repost the message under the user’s account, spreading the message from account to account. Others redirected the unknowing users to unrelated sites, including Rickrolling. About the same time, a few worms that included remote code started to do the rounds. The author of one of the XSS worms later said that he saw at least 200,000 messages from people infected with his creation. Of course some users had more sinister ideas and redirected the users to malicious sites or scam surveys. So even though we can say most of the observed attacks were not devastating and did not steal user credentials, it’s a serious occurrence nevertheless. But this incident is not the first of its kind – as an example we saw a few Twitter worms last year—including the worms from Mikeyy—that spread through the social network.
These kinds of attacks are of course not limited to Twitter alone. Similar issues can happen on other social networks, especially since XSS vulnerabilities are not as rare as one might think. The archive at one XSS reporting website lists several entries for each major social network:
XSS attacks on social networks do happen and can be more than just a nuisance, redirecting users to malicious websites or extracting private information from user accounts. The first step towards protecting yourself against these attacks is to be aware of them. To learn more about the risks of social networking, check out our whitepaper explaining the most common threats.