Twitter Users Attacked Because of Security Flaw

Posted by On September 29, 2010 0 Comment

A security issue has affected Twitter.com users that causes potentially dangerous content to appear on computer screens without warning, according to internet security insiders. A link appears on the site, and the content appears if a user simply mouse over the link, they do not even have to click it. Security professionals are recommending users avoid Twitter until the issue has been resolved.

The dangerous links have also reportedly been sent to the followers of infected users, spreading the security flaw across the Twitter network. The bug can reportedly be harmless, simply causing users to go to sites they didn’t intend to, but it can also be used by hackers to install malicious spyware on your computer.

The bug appears to be affecting both the new and old versions of Twitter, as the site was recently updated to improve the overall look and functionality, including a new capability for users to embed video clips in their posts. Experts say that using Twitter through third-party programs like TweetDeck or Seesmic should keep users safe.

A handful of fairly prominent Twitter users have reportedly been affected by the bug, including the wife of former British Prime Minister Gordon Brown, Sarah. In her case, her Twitter page has been infected in such a way as to redirect her followers to a hardcore pornography website in Japan. Brown has more than one million followers, who were obviously taken aback by the inappropriate content found by visiting her Twitter account. Mrs. Brown warned her followers earlty Tuesday with the following post: “don’t touch the earlier tweet – this twitter feed has something very odd going on ! Sarah.”

The White House Press Secretary Robert Gibbs posted a message about the bug in his Twitter account Tuesday morning, as well.

Twitter reported on its blog Tuesday morning it had fixed the security issue, after earlier saying that they had identified and were working on the problem. “My Twitter went haywire – absolutely no clue why it sent that message or even what it is…paging the tech guys…” Gibbs remarked on his Twitter feed.

Several videos were posted by internet security experts showing how the bug works. When a user’s mouse pointer moves over the infected post, they are automatically redirected to another website which may contain inappropriate or malicious content, the user doesn’t even have to click.

One expert said that so far the bug appears to have only been used for directing users to pornographic sites and other inappropriate content, but the potential is there for cybercriminals to exploit the bug by sending users to websites with malicious code.

It is not yet known how the issue originated, but experts guess that a flaw in Twitter’s code allowed the bug to arise. The flaw may have been there for years, unknown to cybercriminals and web pranksters, or may have originated recently. There have been a number of this type of worm spreading via Twitter accounts before, but this is the largest in recent years.

A handful of web security experts have advised users to log out of Twitter, disable Java Script, and avoid Twitter until a resolution to the issue is confirmed. While Twitter claims to have resolved the issue on Tuesday, experts expect problems to continue.