New Twitter Exploit Was Spreading Like Wildfire

New Twitter Exploit Was Spreading Like Wildfire

Twitter is seriously screwed up at the moment, thanks to a new Javascript exploit that’s currently slamming the service. Visitors of Twitter’s website are inadvertently retweeting spam and porn to their followers, just by hovering over tweets. UPDATE: Patched

Update: Twitter says, “The exploit is fully patched.”

The exploit takes advantage of the Javascript function onMouseOver, enticing users with colourful blocks of text – “rainbow tweets” – and then retweeting those messages automatically when the block is moused over. In some cases, the links launch pop-up windows, in others users are being directed to spam and porn sites. Commenter RawheaD points out that one variant turns the whole browser window into a MouseOver area, so putting your mouse anywhere in the window will trigger a retweet.

Reader Mike sent a video of the exploit in action. As soon as he moves his cursor from the toolbar to the body of the page, it retweets the exploit and attempts to send a Direct Message.

Sarah Brown, wife of former British Prime Minister Gordon Brown, was hit with the exploit earlier this morning. Her page displayed a gigantic letter “h” and redirecting users to a Japanese porn site.

Third-party apps are safe from the bug and can be used to delete the inadvertent retweets if you’ve been hit. But for now, because the exploit is spread merely by hovering over tweets, visiting the Twitter website almost guarantees that you’ll inadvertently end up spamming your followers. [Sophos]