
Worm attack affects thousands of Twitter users

21 September 2010 | Category: Online

Twitter accounts are finally back to normal following a massive worm attack. The incident resulted from an XSS vulnerability that was supposed to have been fixed but was later determined to be still open. It began with simple JavaScript experiments before exploding into an all-out attack on Twitter itself.

Thousands of user accounts were unwittingly sending out tweet after tweet, all intended to point users to pornographic websites. According to Twitter officials, it took about four hours to clean up the mess once the chaotic incident was reported. In explaining the means of attack, Twitter security engineer Bob Lord said that “Cross-site scripting is the practice of placing code from an untrustworthy website into another one. In this case, users submitted JavaScript code as plain text into a Tweet that could be executed in the browser of another user.”

Perhaps the most embarrassing thing about it is that the hole was reported to be closed, but is said to have been accidentally re-opened by a simple, minor update. Even worse, the attack itself literally turned the social microblogging service, known for its 140-character tweet limit, into a one-website botnet -- an attack that some security experts believe could have resulted in the world's biggest malware injection of all time.
