'Mouseover worm' affects Twitter

Caroline Cassidy

Opportunist hackers caused mayhem on Twitter yesterday: popup messages, blocks of colour and redirects appeared when users hovered their cursor over infected tweets. Thousands of site users were affected by the security breach, including Sarah Brown, wife of the former Prime Minister.


In Mrs Brown's case, her Twitter page had been hacked so that when users moused over her tweets, they were redirected to a hardcore porn site based in Japan.

When Mrs Brown realised that something was amiss, she tweeted a warning to her followers: "Don't touch the earlier tweet – this Twitter feed has something very odd going on."

The flaw in Twitter's code was a cross-site scripting (XSS) vulnerability, which allows hackers to inject their own code (in this case JavaScript) into a website and effectively gain control of it.

Magnus Holm, a web developer, claimed that he wrote the first worm to exploit the flaw in Twitter, and insists it was not done maliciously but to test the site's security.

He said: "I wrote the first worm that has been spreading.

"I simply wanted to exploit the hole without doing any 'real' harm. It started off as 'ha, no way this is going to work'."

David Emm, senior regional researcher at Kaspersky Lab UK, said: "The vulnerability arose because of the way Twitter was handling links – specifically, it allowed someone to execute a script in the victim's browser when they loaded the Twitter page. Twitter blocked the vulnerability by changing the way it reads links.

"The purpose for using such a vulnerability is dependent on what an attacker designs a script to do. It could, for example, redirect a victim from Twitter to a web site controlled by a cybercriminal.

"This site might contain a virus, worm or Trojan that installs on the victim's computer and brings it under the control of a cybercriminal.

"In this case it seems the attackers were mostly after notoriety and didn't seem intent on causing damage. Of course, this could have been far worse, so it's good that future attacks have been prevented."
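To make concrete what "the way Twitter was handling links" and "inject their own code" mean in practice, here is an added illustration. It is example code written for this article, not Twitter's own code, and the tweet text, the `linkifyUnsafe`, `linkifySafe` and `anchorAttributeCounts` functions and the constructed sample input are all assumptions for the sake of the demonstration. It contrasts a link renderer that copies a URL straight into an HTML attribute with one that encodes the value first, and a small check that counts how many attributes each rendered link ends up with.

```javascript
// Added example (not from the article or from Twitter): linkifying tweet
// text the weak way versus with proper output encoding.

// Encode text so it is inert inside an HTML attribute value or element body.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Only http(s) links are turned into anchors; a match runs up to whitespace.
const URL_RE = /https?:\/\/[^\s]+/g;

// Weak renderer: the URL is copied verbatim into href. A double quote in the
// URL closes the attribute early, and whatever follows is parsed by the
// browser as further attributes on the <a> element chosen by the tweeter.
function linkifyUnsafe(text) {
  return text.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened renderer: the attribute value and the visible text are encoded, so
// the markup structure is fixed by the server, whatever the tweet contains.
function linkifySafe(text) {
  let out = "";
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const enc = escapeHtml(m[0]);
    out += `<a href="${enc}">${enc}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Defender's check: count quoted attributes on each rendered <a> tag. The
// renderer only ever emits href, so a count above 1 means the tweet text
// broke out of the attribute and added markup of its own.
function anchorAttributeCounts(html) {
  return [...html.matchAll(/<a\s([^>]*)>/g)].map(
    (m) => (m[1].match(/[\w-]+="[^"]*"/g) || []).length
  );
}

// Constructed sample: a "URL" that closes the href attribute and adds a
// style attribute (a block of colour, as in the article), with no spaces so
// the whole thing is picked up as one link.
const sampleTweet = 'look http://example.com/"style="background:red now';

console.log("unsafe:", linkifyUnsafe(sampleTweet));
console.log("  attributes per link:", anchorAttributeCounts(linkifyUnsafe(sampleTweet)));
console.log("safe:  ", linkifySafe(sampleTweet));
console.log("  attributes per link:", anchorAttributeCounts(linkifySafe(sampleTweet)));
```

The encoded version still shows the odd-looking text to the reader, but it stays text: the browser never sees a second attribute, which is exactly the property a fix of the kind Emm describes needs to guarantee for every character a user can put in a tweet.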

The bug has since been fixed, but if you are still concerned, experts recommend using a third-party application to access tweets rather than the Twitter home page.

Are you a regular Twitter user who was affected by the 'mouseover worm'? Does it worry you that websites can be hacked in this way? Leave a comment and share your thoughts.