    Twitter Hit by WTF Link Worm, Now Fixed

    Techtree News Staff, Sep 28, 2010 1547 hrs IST

    This is the second attack on Twitter in the past few days


Micro-blogging website Twitter was hit by the MouseOver JavaScript flaw exploit last week. Just 24 hours ago, Twitter was hit again, this time by a 'Who To Follow' link-based worm that sent out Twitter updates with profane language related to goats. Sophos security researcher Graham Cluley pointed out that the worm spreads once the user clicks on the malicious WTF link.

Twitter's Status blog acknowledged the issue: a malicious link that sends a profane Twitter update when clicked. The worm affected some prolific Twitter users who happened to click on a link with "WTF:" text in it. WTF here refers to Twitter's newly introduced "Who To Follow" feature.

In a post on the Sophos blog, Cluley stated, "Clicking on the WTF link would take you to a webpage which contained some trivial code which used a CSRF (cross-site request forgery) technique to automatically post from the visitor's Twitter account."

When the user clicks on the link, the browser takes the user to a blank page. But in the background, a profane message stating the user is "fond" of goats is secretly posted from the user's account on Twitter. This link affected only those who were signed into Twitter while clicking on the link.
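The server-side check that stops this class of request, as an added example (not code from this article, Sophos or Twitter). It contrasts a handler that trusts the session cookie alone with one that also requires a same-site Origin and a per-session token; every name, host and value in it is constructed for illustration.

```python
import hashlib
import hmac

# All names, hosts and values below are constructed for illustration.
SERVER_SECRET = b"constructed-demo-secret"
SITE_ORIGIN = "https://microblog.example"
SESSIONS = {"sess-alice": "alice"}  # session cookie -> signed-in user


def csrf_token(session_id: str) -> str:
    """Token bound to the session; a third-party page cannot read or compute it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def post_status_cookie_only(req: dict) -> tuple[int, str]:
    """Weak handler: the session cookie alone authorises the state change."""
    user = SESSIONS.get(req["cookies"].get("session", ""))
    if user is None:
        return 401, "not signed in"
    return 200, f"posted as {user}: {req['form'].get('status', '')}"


def post_status_hardened(req: dict) -> tuple[int, str]:
    """Hardened handler: also requires a same-site Origin and a per-session token."""
    session_id = req["cookies"].get("session", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, "not signed in"
    if req["headers"].get("Origin") != SITE_ORIGIN:
        return 403, "cross-site origin rejected"
    supplied = req["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token(session_id)):
        return 403, "missing or invalid CSRF token"
    return 200, f"posted as {user}: {req['form'].get('status', '')}"


# What the server receives: the browser attaches the cookie in both cases.
FORGED = {"cookies": {"session": "sess-alice"},
          "headers": {"Origin": "https://other-site.example"},
          "form": {"status": "unwanted message"}}
LEGIT = {"cookies": {"session": "sess-alice"},
         "headers": {"Origin": SITE_ORIGIN},
         "form": {"status": "hello", "csrf_token": csrf_token("sess-alice")}}

if __name__ == "__main__":
    for name, req in (("forged", FORGED), ("legit", LEGIT)):
        print(name, post_status_cookie_only(req), post_status_hardened(req))
```

The forged request succeeds against the cookie-only handler because the signed-in visitor's browser sends the session cookie automatically, which is also why signed-out visitors were unaffected.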

Twitter is busy sorting out security issues while several users anxiously wait for the New Twitter web interface.

Twitter's Status blog noted that the link has been disabled and that removal of the offending tweets is in progress. There is nothing to worry about. Relax and tweet.



