The Wormy FailWhale: Twitter Slammed by XSS Worm
Remember when the most popular vul-riddled software beloved by all was Windows 95? My how times have changed. Nowadays its Adobe everything and Twitter.
[ad code=2 align=center]
This morning Twitter had a cross site scripting vulnerability exploited which resulted in normal users retweeting worm code simply by rolling over the names of those they were following.
Mikko Hyponnen of F-Secure posted a video showing the cascading tweets of those impacted by the worm.
I don’t think it caused any malcode to be delivered to the users of Twitter- it simply used java to retweet the malcode to all of their followers. Several popular AV companies were seen to retweet it too, including McAfee and Panda Virus. Those using a 3rd party platform such as an iPhone or Tweetdeck were not impacted.