Twitter users were hit with yet another worm during the weekend.
This time, the tweets came bearing the message “WTF” with a link in tow. Clicking on the link automatically generated a post from the victim with a pornographic message.
“Clicking on the WTF link would take you to a webpage which contained some trivial code which used a CSRF (cross-site request forgery) technique to automatically post from the visitor’s Twitter account,” explained Graham Cluley, senior technology consultant at Sophos. “All the user sees if they visit the link is a blank page, but behind the scenes it has sent messages to Twitter to post from your account.”
Though Sophos did not know how many users were impacted, Sophos Senior Security Analyst Beth Jones said it was not “nearly as widespread” as last week’s onMouseOver worms, which affected hundreds of thousands of Twitter users. In that case, a cross-site scripting vulnerability was exploited by various people to send out multiple worms that among other things redirected users to porn sites.
As in that incident, the most recent attack snared some high-profile Twitter users, including blogger Robert Scoble.
“Chances are that the reason why this attack spread so speedily is that people were curious to find out what they would find at the end of a link only described as ‘WTF’,” Cluley blogged.
Twitter reported Sept. 26 that the malicious link is disabled and that the exploit has been fixed.