By: Brian Prince
2010-09-27
Twitter users Sunday were infected by a worm that posted sexual messages on victims' profiles.
Twitter users were hit with yet another worm during the weekend.
This time, the tweets came bearing the message "WTF" with a link in tow. Clicking on the link automatically generated a post from the victim with a pornographic message.
“Clicking on the WTF link would take you to a webpage which contained some trivial code which used a CSRF (cross-site request forgery) technique to automatically post from the visitor's Twitter account,” explained Graham Cluley, senior technology consultant at Sophos. “All the user sees if they visit the link is a blank page, but behind the scenes it has sent messages to Twitter to post from your account.”
Though Sophos did not know how many users were impacted, Sophos Senior Security Analyst Beth Jones said it was not "nearly as widespread" as last week's onMouseOver worms, which affected hundreds of thousands of Twitter users. In that case, a cross-site scripting vulnerability was exploited by various people to send out multiple worms that, among other things, redirected users to porn sites.
As in that incident, the most recent attack snared some high-profile Twitter users, including blogger Robert Scoble.
“Chances are that the reason why this attack spread so speedily is that people were curious to find out what they would find at the end of a link only described as 'WTF',” Cluley blogged.
Twitter reported Sept. 26 that the malicious link is disabled and that the exploit has been fixed.
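The CSRF behaviour described above works because the browser attaches the victim's session cookie to a request that a third-party page triggers. The following is an added example, not code from the article, Sophos or Twitter, and not a description of Twitter's actual fix: a generic server-side check for a status-post request that verifies the request's origin and a session-bound token. The origin `https://social.example`, the function names and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions (hypothetical): the site's own origin and a server-side secret key.
TRUSTED_ORIGIN = "https://social.example"
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to one session; the site embeds it in its own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Compare Origin (or, failing that, Referer) with the trusted origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sent neither header
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def allow_status_post(method: str, headers: dict, session_id: str, form: dict) -> tuple:
    """Decide whether a status-update request may act on the account."""
    if method != "POST":
        return (False, "state change requires POST")
    if not same_origin(headers):
        return (False, "cross-site or missing Origin/Referer")
    supplied = form.get("csrf_token", "").encode()
    expected = issue_csrf_token(session_id).encode()
    if not hmac.compare_digest(supplied, expected):
        return (False, "missing or invalid CSRF token")
    return (True, "ok")


# Constructed sample requests. In both, the browser would attach the session
# cookie automatically, which is why the cookie alone cannot authorize a post.
SESSION = "constructed-session-id"
FORGED = ("POST", {"Origin": "https://attacker.example"}, SESSION, {"status": "WTF"})
GENUINE = ("POST", {"Origin": TRUSTED_ORIGIN}, SESSION,
           {"status": "hello", "csrf_token": issue_csrf_token(SESSION)})

if __name__ == "__main__":
    for name, request in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, allow_status_post(*request))
```
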