Twitter: Worm Attacks
April 14, 2009
Posted by baldricman in News, Tech.
Tags: attack, cross site scripting, twitter, worm, xss
This past weekend, social platform Twitter experienced sustained and serious attacks from at least 3 worms, all of a very similar nature. The attacks exploited cross-site scripting (XSS) bugs in Twitter and manifested as “booby-trapped” profile pages of certain users. Users viewing these profiles would then essentially flood the network with thousands of tweets promoting a site, StalkDaily.com.
Twitter subsequently received a fair amount of flak, not only for the bug’s existence, but more for the slow response time and, most importantly, for the fact that subsequent attacks succeeded, indicating that the Twitter fixes merely treated the symptoms and did not address the actual bug.
Luckily for Twitter and its users, the worms were not particularly malicious. But it serves as a useful warning to those of us who implicitly trust content and URLs on well-known sites. What I find particularly concerning in this example is the likelihood of the average user (myself included) to click on those shortened URLs so prevalent in Twitter.
See original post on The Register here.