Twitter Users Infected With New Worm Attack

Security measures at microblogging website Twitter have been exposed again after Twitter users were hit with yet another worm over the weekend.

This time, the tweets came bearing the message “WTF” with a link in tow. Clicking on the link automatically generated a post from the victim with a pornographic message.

Infected Twitter Links

“Clicking on the WTF link would take you to a webpage which contained some trivial code which used a CSRF (cross-site request forgery) technique to automatically post from the visitor’s Twitter account,” explained Graham Cluley, senior technology consultant at Sophos. “All the user sees if they visit the link is a blank page, but behind the scenes it has sent messages to Twitter to post from your account.”

Though Sophos did not know how many users were impacted, Sophos Senior Security Analyst Beth Jones said it was not “nearly as widespread” as last week’s onMouseOver worms, which affected hundreds of thousands of Twitter users.

In that case, a cross-site scripting vulnerability was exploited by various people to send out multiple worms that, among other things, redirected users to porn sites.

As in that incident, the most recent attack snared some high-profile Twitter users, including blogger Robert Scoble.

Curiosity Kills The Cat

“Chances are that the reason why this attack spread so speedily is that people were curious to find out what they would find at the end of a link only described as ‘WTF’,” Cluley blogged.

Twitter reported on 26 September that the malicious link had been disabled and that the exploit had been fixed.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
