<<< NEWS FROM THE LAB - Tuesday, September 21, 2010 >>>

Worms Loose on Twitter.com

Posted by Mikko @ 13:17 GMT

Several related XSS Worms are spreading on twitter.com at the moment.







An XSS vulnerability was discovered earlier today, and we quickly saw several worms created by different individuals.



Most of the worms use onmouseover techniques, meaning that simply moving your mouse over a malicious (or merely mischievous) Tweet is enough to resend the malicious message to your followers.



Here's a screenshot of Mr. Magnus Holm's Twitter feed (read from bottom to top):







While Twitter's security team is scrambling to close this loophole, we expect problems to continue. It's perfectly possible that there will be more malicious attacks, possibly combining this technique with browser exploits.



In the meanwhile, we recommend you either:



• Log out of Twitter

• Use client programs to access Twitter instead of using twitter.com

• Turn off JavaScript



Twitter's Trending Topics is full of chatter related to the worms:







Another example of what you could do with the XSS vulnerability:







Updated to add: Twitter has fixed the XSS vulnerability and it's no longer exploitable.