When Mrs Brown realised that something was amiss, she tweeted a warning to her followers: "Don't touch the earlier tweet – this Twitter feed has something very odd going on."
Magnus Holm, a web developer, claimed that he wrote the first worm that exploited the flaw in Twitter, but he insists it was done not maliciously but to test the site's security.
"I simply wanted to exploit the hole without doing any 'real' harm. It started off as 'ha, no way this is going to work'."
David Emm, senior regional researcher at Kaspersky Lab UK, said: "The vulnerability arose because of the way Twitter was handling links – specifically, it allowed someone to execute a script in the victim's browser when they loaded the Twitter page. Twitter blocked the vulnerability by changing the way it reads links.
"The purpose for using such a vulnerability is dependent on what an attacker designs a script to do. It could, for example, redirect a victim from Twitter to a web site controlled by a cybercriminal.
"This site might contain a virus, worm or Trojan that installs on the victim's computer and brings it under the control of a cybercriminal.
"In this case it seems the attackers were mostly after notoriety and didn't seem intent on causing damage. Of course, this could have been far worse, so it's good that future attacks have been prevented."
The bug has since been fixed, but if you are still concerned, experts recommend using a third-party application to access tweets rather than the Twitter home page.
Are you a regular Twitter user who was affected by the 'mouseover worm'? Does it worry you that websites can be hacked in this way? Leave a comment and share your thoughts.