By: Brian Prince
2010-09-27
Twitter users Sunday were infected by a worm that posted sexual messages on victims' profiles.
Twitter users were hit with yet another worm during the weekend.
This time, the tweets came bearing the message "WTF" with a link in tow. Clicking on the link automatically generated a post from the victim with a pornographic message.
“Clicking on the WTF link would take you to a webpage which contained some trivial code which used a CSRF (cross-site request forgery) technique to automatically post from the visitor's Twitter account,” explained Graham Cluley, senior technology consultant at Sophos. “All the user sees if they visit the link is a blank page, but behind the scenes it has sent messages to Twitter to post from your account.”
Though Sophos did not know how many users were impacted, Sophos Senior Security Analyst Beth Jones said it was not "nearly as widespread" as last week's onMouseOver worms, which affected hundreds of thousands of Twitter users. In that case, a cross-site scripting vulnerability was exploited by various people to send out multiple worms that among other things redirected users to porn sites.
As in that incident, the most recent attack snared some high-profile Twitter users, including blogger Robert Scoble.
“Chances are that the reason why this attack spread so speedily is that people were curious to find out what they would find at the end of a link only described as 'WTF',” Cluley blogged.
Twitter reported Sept. 26 that the malicious link is disabled and that the exploit has been fixed.
Founded in 1991, Future Quest Technologies was created based on a fresh consumer need: on-site technology delivery. Future Quest Technologies strove to be, and successfully became, a trusted provider of Information Technology products, services and support. Customers are comfortable knowing they have knowledge, expertise and commitment behind my technology recommendations.
Subscribe to:
Post Comments (Atom)
-
It’s a little more complicated than just copying data By Barbara Krasnoff Sep 2, 2020, 4:35pm EDT Two-factor authentication (2FA) is ...
-
A recent update to Windows Defender gave it the ability to download files through a command line tool. A recent update to the built-in antiv...
-
MARSHALL GUNNELL @marshall_g08 SEPTEMBER 1, 2020, 10:24AM EDT One of the first rules of cyber security is to always lock your PC before s...
No comments:
Post a Comment