Tuesday, September 21, 2010

Twitter scrambles to block worms

Twitter scrambles to block worms

SarahBrown Twitter  
 
Sarah Brown, wife of former PM Gordon Brown, was one of those affected
Twitter has patched a flaw in its website that was being exploited to pump out pop-up messages and links to porn sites.
Initially, users only had to move their mouse over a message containing a link - not click it - to open it in the browser.
The code was spread by worms, self-replicating, malicious pieces of code.
Thousands of users were caught out by the flaw, including Sarah Brown, the wife of the UK's former Prime Minister.
"The exploit is fully patched," Twitter said on its status blog.
People using third-party Twitter software - such as Tweetdeck - were unaffected by the problem.
The flaw comes just one week after Twitter rolled out a major redesign of its site.
'No regrets'
The code exploited what is known as a cross-site scripting (XSS) vulnerability, a flaw in a website that can be exploited by relatively simple code.
In the case of the most recent flaw, the command - written in a programming language called Javascript - automatically directed users to another website, some of which contained pornography.

Related stories

The malicious links looked like a block of colour or a random URL that contained the code "onmouseover", which triggered when the cursor hovered over the link.
As well as directing users to websites and pop-ups, the code also sent a message from the infected user's account containing more code, essentially making the command self-replicating.
"There is no legitimate reason to tweet Javascript," Graham Cluley, a researcher at security firm Sophos, told BBC News.
The first self-replicating code, or worm, seems to have been written by a developer called Magnus Holm.
"I simply wanted to exploit the hole without doing any 'real' harm," he told BBC News. "It started off as 'ha, no way this is going to work'."

Start Quote

It was only a matter of time before more serious worms started”
End Quote Magnus Holm
He said the flaw had been identified by others and had already been used for other means.
"There were several other tiny hacks using the exploit - I only created the worm," he said.
Mr Holm said he had seen his worm passed around in at least 200,000 messages.
Others soon copied his code using "other nasty or smart tricks" he said, including directing people to porn sites.
"It was only a matter of time before more serious worms started."
A Twitter user called Matsta appeared to have spread one variant. Their account has now been suspended.
Mr Holm said he had no regrets about his actions and was "not sure" whether he would receive a call from Twitter.
It is not the first time the service has suffered an attack.
In April 2009, another worm spread links to a rival site, again showing unwanted messages on infected user accounts.
Mr Cluley said that Twitter needs "much tighter control" over what users can contain in a tweet to prevent similar problems in the future.
He also warned users to continue to be on their guard, as once an exploit had been found there would be a raft of hackers looking for new ones or ways to circumvent the patch.
"We've seen it in the past," he said. "When Twitter says they have fixed a flaw, we see a new exploit again and again."

No comments:

Post a Comment