Twitter Bug floods users with suspicous links

1125twitterbug.jpg

A worm in the new Twitter has affected thousands of users including celebrities like Sarah Brown. The bug only affects people using Twitter on the Twitter.com website, not those on third party apps like TweetDeck.

The bug makes users inadvertently post malicious links which open up new windows showing either porn or dubious software. The particularly dangerous bit of the bug is that you don’t even need to click on the links for the windows to be opened up, it’s enough to simply roll the mouse over them. The attacking software is known as OneMouseOver and redirects users to hardcore Japanese porn.

According to various sources, the problem arises because users are able to post chunks of Javascript program code inside tweets – and because Twitter has not disabled this, the Javascript can become active when a mouse is rolled over it. Originally just used for fun by users to change the colour of their tweets (known as rainbow tweets), it has taken a turn to the dark side with criminals hijacking the javascript to redirect users to dodgy sites.

Advice is to use Twitter clients not the main webstite until the flaw is cleared.

Anna Leach