Twitter Inflicted With Malicious Software

Twitter accounts, on September 21, 2010, were regaining their usual functioning following a severe attack from malware that had infected a huge 100,000 people's personal accounts. Techwatch.co.uk reported this on September 21, 2010.

Actually, a cross-site scripting (XSS) flaw was the reason for the problem, as a security researcher from Japan found that the flaw, supposedly patched during August 2010, continued to remain un-patched.

Says Bob Lord, security engineer at Twitter, during XSS attacks, software taken from a deceptive website is planted onto another site. According to him, during the present incident, users implanted a simple JavaScript text within one short message called Tweet for running it inside another user's browser. Techwatch.co.uk published this.

Lord further explains that first somebody set up an account which abused the flaw via converting tweets into various shades and triggering one dialog window having text that became visible when a user brushed his mouse on the Tweet's link. And for this reason the flaw is called "onMouseOver" vulnerability, the engineer states.

Meanwhile, when other users included their own software it resulted in people reconstructing the first tweet while remaining totally unaware.

Senior Technology Consultant Graham Cluley at Sophos the security company, while remarking about this security problem stated that it appeared as though numerous users were presently abusing the vulnerability to have fun and play games. However, this inevitably might allow cyber-criminals to divert Web-surfers onto 3rd-party malware-laden websites, alternatively to pop up spam ad windows, he warned. Softpedia.com published this on September 21, 2010.

Worryingly, earlier also similar flaws caused Twitter XSS alternatively clickjacking viruses to be created. However, the current XSS attack is a viral assault on Twitter.com of an unprecedented scale.

Notably, the new Twitter event takes place when there's already pressure on the company for enhancing its security as also making its processes more transparent. During June 2010, Twitter acquiesced with doing regular 3rd-party checking of all the security software it employed following several incidents which led the FTC to conduct investigations. Admitted Twitter that there'd been numerous security problems for it and those had allowed many infiltrations into its systems.

Related article: Twitter Flaw Compels Victims to Follow Hacker’s Account

» SPAMfighter News - 10/2/2010