NEWS FROM THE LAB - Tuesday, September 21, 2010

Worms Loose on Twitter.com
Posted by Mikko @ 13:17 GMT

Several related XSS worms are spreading on twitter.com at the moment.

[Screenshot: Twitter worm]

An XSS vulnerability was discovered earlier today, and we quickly saw several worms created by different individuals.

Most of the worms use onmouseover techniques, meaning that simply moving your mouse over a malicious (or merely mischievous) tweet is enough to resend the malicious message to your followers.
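To show why an onmouseover payload fires without any click, here is an added example (not F-Secure's or Twitter's code) of a renderer that pastes tweet text into an HTML attribute unescaped, the escaped version beside it, and a small attribute walker a defender can run over rendered markup to spot injected event handlers. The tweet text and the handler name are constructed placeholders.

```javascript
// Escape the five characters that matter in HTML text and quoted-attribute contexts.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  })[c]);
}

// Vulnerable renderer: untrusted tweet text lands inside an attribute and the body as-is.
function renderTweetVulnerable(text) {
  return '<span class="tweet" title="' + text + '">' + text + '</span>';
}

// Hardened renderer: the same template, but every untrusted value is escaped.
function renderTweetSafe(text) {
  const e = escapeHtml(text);
  return '<span class="tweet" title="' + e + '">' + e + '</span>';
}

// Walk the first tag in the markup, honouring quoted values, and return its attribute names.
function attributeNames(html) {
  const names = [];
  let i = html.indexOf('<') + 1;
  while (i < html.length && /[^\s>]/.test(html[i])) i++;   // skip the tag name
  while (i < html.length && html[i] !== '>') {
    while (/\s/.test(html[i])) i++;
    if (i >= html.length || html[i] === '>') break;
    let name = '';
    while (i < html.length && !/[\s=>]/.test(html[i])) name += html[i++];
    names.push(name.toLowerCase());
    while (/\s/.test(html[i])) i++;
    if (html[i] === '=') {
      i++;
      while (/\s/.test(html[i])) i++;
      const q = html[i];
      if (q === '"' || q === "'") {
        i = html.indexOf(q, i + 1);                            // jump past the quoted value
        if (i < 0) return names;
        i++;
      } else {
        while (i < html.length && !/[\s>]/.test(html[i])) i++; // unquoted value
      }
    }
  }
  return names;
}

// Event-handler attributes that the template itself never writes: any hit means a breakout.
function injectedHandlers(html) {
  return attributeNames(html).filter((n) => n.startsWith('on'));
}

// Constructed sample in the style of the worm: a quote closes the attribute, then a handler follows.
const CONSTRUCTED_TWEET = 'hi" onmouseover="resendToFollowers()';
```

Running `injectedHandlers` over the two renderings shows the vulnerable one exposing `onmouseover` on the span while the escaped one exposes only `class` and `title`.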

Here's a screenshot of Mr. Magnus Holm's Twitter feed (read from bottom to top):

[Screenshot: Twitter worm]

While Twitter's security team is scrambling to close this loophole, we expect problems to continue. It's perfectly possible that there will be more malicious attacks, possibly combining this technique with browser exploits.

In the meantime, we recommend you do one of the following:

  •  Log out of Twitter
  •  Use client programs to access Twitter instead of using twitter.com
  •  Turn off JavaScript

Twitter's Trending Topics is full of chatter related to the worms:


Another example of what you could do with the XSS vulnerability:

[Screenshot: Twitter worm]

Updated to add: Twitter has fixed the XSS vulnerability and it's no longer exploitable.