Twitter users Sunday were infected by a worm that posted sexual messages on victims' profiles.
Twitter users were hit with yet another worm during the weekend.
This time, the tweets came bearing the message "WTF" with a link in
tow. Clicking on the link automatically generated a post from the
victim with a pornographic message.
"Clicking on the WTF link would take you to a webpage which
contained some trivial code which used a CSRF (cross-site request
forgery) technique to automatically post from the visitor's Twitter
account," explained Graham Cluley,
senior technology consultant at Sophos. "All the user sees if they
visit the link is a blank page, but behind the scenes it has sent
messages to Twitter to post from your account."
Though Sophos did not know how many users were impacted, Sophos
Senior Security Analyst Beth Jones said it was not "nearly as
widespread" as last week's onMouseOver worms
which affected hundreds of thousands of Twitter users. In that case, a
cross-site scripting vulnerability was exploited by various people to
send out multiple worms that among other things redirected users to
As in that incident, the most recent attack snared some high-profile Twitter users, including blogger Robert Scoble.
"Chances are that the reason why this attack spread so speedily is
that people were curious to find out what they would find at the end of
a link only described as 'WTF'," Cluley blogged.
Twitter reported Sept. 26 that the malicious link had been disabled and the exploit fixed.