Twitter under attack by 'mouseover bug'
Tuesday 21 September 2010
Twitter came under attack on Tuesday as hackers exploited a security flaw to wreak havoc on the microblogging service.
Computer security firms said thousands of users, or more, were affected by the bug, which automatically sent out or "re-tweeted" messages from a user's account simply by rolling over an infected link with the computer mouse.
The San Francisco-based Twitter said on its status blog that it had patched the security problem at 6:50 am California time (1350 GMT).
But not before thousands of users saw bizarre strings of computer code in their incoming message feed and inadvertently passed them on to other users in their list of followers.
Those hit by the bug included Sarah Brown, the wife of the former British prime minister who has over 1.1 million followers on Twitter, and White House press secretary Robert Gibbs, who has 97,000 followers.
"My Twitter went haywire - absolutely no clue why it sent that message or even what it is... paging the tech guys," Gibbs wrote on @presssec.
"This Twitter feed has something very odd going on," Brown said on @sarahbrownuk.
"Don't know what everyone else got, but my bug sent me an advert for a weight loss program - as if that would work!" she joked.
Security expert Graham Cluley of computer security firm Sophos said the "mouseover bug" only affected users of the Twitter.com website not third-party programs developed to access the popular microblogging service.
Cluley said the bug was activated by rolling over an infected message with a mouse and that a user did not have to click on a Web link to pass it on, as is the case with many hacking attacks.
Some users found that rolling over an infected link caused third-party websites to open in their Web browser including pornography sites, he said..
Cluley said in Sarah Brown's case her "Twitter page has been messed with in an attempt to redirect visitors to a hardcore porn site based in Japan."
"It looks like many users are currently using the flaw for fun and games," he said.
"But there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code, or for spam advertising pop-ups to be displayed," the Sophos computer security expert said.
The infected links looked like regular Twitter messages, or "tweets," but contained lines of random computer code or were completely blacked out like a message that has been redacted.
Twitter, which allows users to pepper one another with messages of 140 characters or less, has over 145 million registered users, co-founder Evan Williams said recently.
About 370,000 people are signing up daily for Twitter, and users fire off more than 90 million tweets each day, according to Williams.
Twitter unveiled a major redesign of its website a week ago that is being slowly rolled out to users of the service across the globe.
Threat of 'catastrophic cascade of collisions' must be averted, warn scientists
Life & Style blogs
American Apparel reveals 62-year-old Jacky O’Shaughnessy as underwear model
Pakistan vs Paul Smith: Sandal-wearers bemused by famed British designer's attempts to sell traditional Peshawari chappal-style shoes for the distinctly untraditional sum of £300
Blood test that predicts Alzheimer's disease
Lego told off by 7-year-old girl for promoting gender stereotypes
Titanfall: Release date, gameplay basics, DLC and everything else you need to know
Britain's top vet sparks controversy with call for ban on slashing animals' throats in 'ritual' slaughters for halal and kosher meat products
Poor 'live like animals' says Boris's privately educated sister after going on 'poverty safari'
Exclusive: Impact of immigrants on British workers ‘negligible’
Vince Cable: Teachers 'know absolutely nothing' about the world of work
Ukraine crisis: Russia pledges to 'retaliate against sanctions' as Ukrainian president says Crimea vote will not be recognised
The quiet diplomat: Catherine Ashton - recognised and admired in all the world’s troubled countries, yet ridiculed at home
- 1 Australian man Rod Sommerville reacts to bite from deadly snake by reaching for cold beer
- 2 Pakistan vs Paul Smith: Sandal-wearers bemused by famed British designer's attempts to sell traditional Peshawari chappal-style shoes for the distinctly untraditional sum of £300
- 3 North Korea elections: Kim Jong-un wins 100% of the vote
- 4 Grace Dent: Who cares if she spells it Barraco Barner? Gemma Worrall is more employable than some bookish arts graduate
- 5 Sharknado 2: Former WWE wrestler Kurt Angle to fight second wave of flying sharks
iJobs Gadgets & Tech
£35000 - £45000 per annum + excellent company benefits : Pro-Recruitment Group...
£35000 - £60000 per annum + Bonus + Benefits: Pro-Recruitment Group: You must ...
£50000 - £60000 per annum + Benefits + Bonus: Harrington Starr: C# .NET Develo...
£45000 - £60000 per annum + Bonus+Benefits+Package: Harrington Starr: C# CTRM ...