Early bird prices are coming to an end soon... ⏰ Grab your tickets before January 17

This article was published on September 26, 2010

Twitter user accounts, including mine, used to spread Worm.


Twitter user accounts, including mine, used to spread Worm.

Well I just came onto twitter to find my account had tweeted something extrememely vulgar – something I clearly would not have tweeted. It wasn’t long before I discovered a number of other users had tweeted the exact same tweet , all preceded by a “WTF” tweet with an attached link (do NOT click that link).

That WTF link opens two iframes. It doesn’t technically hack your Twitter account but does use your logged in browser session to tweet – this is reportedly called “cross-site request forgery”. For a detailed run through of how the script works, read this.

This isn’t the first twitter “hacking” to take place recently. Earlier this week, twitter was aflutter with news of a worm spreading through Twitter. The “onMouseOver” issue–which presented pop-up boxes and redirected users to porn sites–relatively quickly handled by Twitter.

What you need to know: Simple, don’t click on any links that look suspicious or include “WTF”.

Update: The exploit has reportedly been fixed in both old and new twitter but for now don’t click on any links that look suspicious or include “WTF”.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

Update 2: Twitter just posted this message on their Status blog: “A malicious link is making the rounds that will post a tweet to your account when clicked on. Twitter has disabled the link, and is currently resolving the issue.”

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top