The popular site Twitter was invaded by malicious programs-Truth! But Now Resolved!

Summary of eRumor:

Reports say that visiting the popular web site Twitter.com could activate pop-ups or redirect your computer to porn sites on the Internet simply by rolling the mouse cursor over certain tweets.

The Truth:

It’s now safe to visit Twitter again, but on the morning of September 21, 2010, many visitors were greeted with a screen full of gibberish that included raw JavaScript, mouseover effects, and retweets consisting of spam. Anyone who visited the site with scripting enabled was vulnerable to everything from harmless spam tweets on the screen to redirection to porn sites.

It wasn’t a typical infection. Experts class it as a “cross-site scripting” (XSS) bug. The way Twitter was processing the message made it possible to include JavaScript in tweets, and that created the mess as those who would exploit it figured out how to do it.

The flaw affected only the “old” Twitter site. The “new” Twitter was introduced to users last week.

Updated 09/21/10