Hackers create chaos on Twitter with 'worm' attacks

The information-rich world of Twitter was almost converted into total gobbledegook yesterday as hackers took advantage of a security flaw to create self-replicating "worms" that automatically posted themselves to users' accounts.

Any Twitter user who hovered their cursor over the unintelligible messages immediately risked spreading them to the accounts of their own followers. At its peak, over 100 such messages were being generated every second, causing consternation among the Twitter community, who rely on the service for everything from breaking news to inconsequential amusement.

The effects of the worm ranged from harmless messing about to malicious redirects to unsavoury websites; at one point Sarah Brown, wife of the former PM, unwittingly guided her 1.1 million devoted followers towards a Japanese pornography site. "Don't touch the earlier tweet," she posted later. "This twitter feed has something very odd going on!"

Odd indeed – but also something that was easily preventable, and which will have caused embarrassment to Twitter in the week following the much-publicised roll-out of its relaunched website.

The way Twitter works meant that the biggest damage was wrought by those with the largest number of followers. Sarah Brown was the most notable, but others included former deputy Prime Minister John Prescott, White House press secretary Robert Gibbs ("Absolutely no clue why it sent that message or even what it is") and comedian David Mitchell ("Apologies... more evil robots, basically. Get used to them, I say.")

Users who had already been granted access to the new-look version weren't affected, and nor were those who interact with the service using applications on their computers or mobile devices. The worm targeted those who still access their accounts by logging on to the main Twitter site – the vast majority – hence the worms' rapid spread.

This type of attack is known as XSS or "cross-site scripting", and is by far the most common way for web security to be compromised. If a hacker can find a way to execute a script on a website, that script can gain access to sensitive details that the browser might be holding on our behalf – including, as was the case here, the ability to automatically post messages on Twitter.

The problem came to light early on Wednesday, when the person behind an account called @RainbowTwtr realised that the site's automatic conversion of website addresses within messages could be embellished with JavaScript, a potentially powerful form of code.
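The class of bug described above, as an added example that is not from the article and is not Twitter's code: a hypothetical auto-linker that pastes the matched address into the link unescaped, beside a hardened version that escapes it. The function names, the sample message and the `example.test` address are all constructed for illustration.

```javascript
// Added illustration: hypothetical auto-linkers, not Twitter's actual code.
// Anything that looks like a web address in a message becomes a link.
const URL_RE = /https?:\/\/\S+/g;

const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// Vulnerable: the matched text is pasted into the href attribute as-is, so a
// double quote inside the "address" closes the attribute early and whatever
// follows is parsed by the browser as further attributes of the <a> tag.
function linkifyUnsafe(message) {
  return message.replace(URL_RE, (u) => `<a href="${u}">${u}</a>`);
}

// Hardened: every piece of user text is HTML-escaped for the place it lands
// in, both the link target and the plain text around it.
function linkifySafe(message) {
  let out = '';
  let last = 0;
  for (const m of message.matchAll(URL_RE)) {
    const url = escapeHtml(m[0]);
    out += escapeHtml(message.slice(last, m.index));
    out += `<a href="${url}" rel="nofollow">${url}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(message.slice(last));
}

// Checker: the attribute names the first <a> tag actually ends up with.
function anchorAttributes(html) {
  const tag = (html.match(/<a\b[^>]*>/) || [''])[0];
  return [...tag.matchAll(/([a-zA-Z-]+)="[^"]*"/g)].map((m) => m[1]);
}

// Constructed sample message: a quote and an event-handler attribute are
// appended to an otherwise ordinary address (the handler body is inert).
const SAMPLE = 'look http://example.test/"onmouseover="void(0)"/ odd';

console.log(anchorAttributes(linkifyUnsafe(SAMPLE)));
console.log(anchorAttributes(linkifySafe(SAMPLE)));
```

In a browser, building the link with `document.createElement` and assigning `href` and `textContent` avoids string-built HTML altogether.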

Twitter patched this particular vulnerability within three hours, but XSS attacks will continue to affect users of popular websites; there will always be geeks keen to wreak havoc for financial gain.
