Twitter under attack by 'mouseover bug'

Twitter came under attack on Tuesday as hackers exploited a security flaw to wreak havoc on the microblogging service.

Computer security firms said thousands of users, or more, were affected by the bug, which automatically sent out or "re-tweeted" messages from a user's account simply by rolling over an infected link with the computer mouse.

The San Francisco-based Twitter said on its status blog that it had patched the security problem at 6:50 am California time (1350 GMT).

But not before thousands of users saw bizarre strings of computer code in their incoming message feed and inadvertently passed them on to other users in their list of followers.

Those hit by the bug included Sarah Brown, the wife of the former British prime minister who has over 1.1 million followers on Twitter, and White House press secretary Robert Gibbs, who has 97,000 followers.

"My Twitter went haywire - absolutely no clue why it sent that message or even what it is... paging the tech guys," Gibbs wrote on @presssec.

"This Twitter feed has something very odd going on," Brown said on @sarahbrownuk.

"Don't know what everyone else got, but my bug sent me an advert for a weight loss program - as if that would work!" she joked.

Security expert Graham Cluley of computer security firm Sophos said the "mouseover bug" only affected users of the Twitter.com website not third-party programs developed to access the popular microblogging service.

Cluley said the bug was activated by rolling over an infected message with a mouse and that a user did not have to click on a Web link to pass it on, as is the case with many hacking attacks.

Some users found that rolling over an infected link caused third-party websites to open in their Web browser including pornography sites, he said..

Cluley said in Sarah Brown's case her "Twitter page has been messed with in an attempt to redirect visitors to a hardcore porn site based in Japan."

"It looks like many users are currently using the flaw for fun and games," he said.

"But there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed," the Sophos computer security expert said.

The infected links looked like regular Twitter messages, or "tweets," but contained lines of random computer code or were completely blacked out like a message that has been redacted.

Twitter, which allows users to pepper one another with messages of 140 characters or less, has over 145 million registered users, co-founder Evan Williams said recently.

About 370,000 people are signing up daily for Twitter, and users fire off more than 90 million tweets each day, according to Williams.

Twitter unveiled a major redesign of its website a week ago that is being slowly rolled out to users of the service across the globe.

Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: Sales Executive - OTE £25,000

    £15000 - £25000 per annum: Recruitment Genius: This is an exciting opportunity...

    Guru Careers: .NET Developer / Web Developer

    £35-45K (DOE) + Benefits: Guru Careers: We are seeking a .NET Developer / Web ...

    Recruitment Genius: Full Time and Part Time Digital Designer - North Kent

    £20000 - £23000 per annum: Recruitment Genius: This successful web design/deve...

    SThree: Recruitment Consultant - IT

    £25000 - £30000 per annum + Uncapped Commission: SThree: Sthree are looking fo...

    Day In a Page

    Revealed: Why Mohammed Emwazi chose the 'safe option' of fighting for Isis, rather than following his friends to al-Shabaab in Somalia

    Why Mohammed Emwazi chose Isis

    His friends were betrayed and killed by al-Shabaab
    'The solution can never be to impassively watch on while desperate people drown'
An open letter to David Cameron: Building fortress Europe has had deadly results

    Open letter to David Cameron

    Building the walls of fortress Europe has had deadly results
    Tory candidates' tweets not as 'spontaneous' as they seem - you don't say!

    You don't say!

    Tory candidates' election tweets not as 'spontaneous' as they appear
    Mubi: Netflix for people who want to stop just watching trash

    So what is Mubi?

    Netflix for people who want to stop just watching trash all the time
    The impossible job: how to follow Kevin Spacey?

    The hardest job in theatre?

    How to follow Kevin Spacey
    Armenian genocide: To continue to deny the truth of this mass human cruelty is close to a criminal lie

    Armenian genocide and the 'good Turks'

    To continue to deny the truth of this mass human cruelty is close to a criminal lie
    Lou Reed: The truth about the singer's upbringing beyond the biographers' and memoirists' myths

    'Lou needed care, but what he got was ECT'

    The truth about the singer's upbringing beyond
    Migrant boat disaster: This human tragedy has been brewing for four years and EU states can't say they were not warned

    This human tragedy has been brewing for years

    EU states can't say they were not warned
    Women's sportswear: From tackling a marathon to a jog in the park, the right kit can help

    Women's sportswear

    From tackling a marathon to a jog in the park, the right kit can help
    Hillary Clinton's outfits will be as important as her policies in her presidential bid

    Clinton's clothes

    Like it or not, her outfits will be as important as her policies
    NHS struggling to monitor the safety and efficacy of its services outsourced to private providers

    Who's monitoring the outsourced NHS services?

    A report finds that private firms are not being properly assessed for their quality of care
    Zac Goldsmith: 'I'll trigger a by-election over Heathrow'

    Zac Goldsmith: 'I'll trigger a by-election over Heathrow'

    The Tory MP said he did not want to stand again unless his party's manifesto ruled out a third runway. But he's doing so. Watch this space
    How do Greek voters feel about Syriza's backtracking on its anti-austerity pledge?

    How do Greeks feel about Syriza?

    Five voters from different backgrounds tell us what they expect from Syriza's charismatic leader Alexis Tsipras
    From Iraq to Libya and Syria: The wars that come back to haunt us

    The wars that come back to haunt us

    David Cameron should not escape blame for his role in conflicts that are still raging, argues Patrick Cockburn
    Sam Baker and Lauren Laverne: Too busy to surf? Head to The Pool

    Too busy to surf? Head to The Pool

    A new website is trying to declutter the internet to help busy women. Holly Williams meets the founders