The Wormy FailWhale: Twitter Slammed by XSS Worm

Remember when the most popular vul-riddled software beloved by all was Windows 95? My how times have changed. Nowadays its Adobe everything and Twitter.

[ad code=2 align=center]

This morning Twitter had a cross site scripting vulnerability exploited which resulted in normal users retweeting worm code simply by rolling over the names of those they were following.

Mikko Hyponnen of F-Secure posted a video showing the cascading tweets of those impacted by the worm.

I don’t think it caused any malcode to be delivered to the users of Twitter- it simply used java to retweet the malcode to all of their followers. Several popular AV companies were seen to retweet it too, including McAfee and Panda Virus. Those using a 3rd party platform such as an iPhone or Tweetdeck were not impacted.