Twitter onMouseOver flaw poses huge risk to users, is being actively exploited
Sophos Labs' Graham Cluley posted this morning about a nasty little Twitter security flaw that is being actively exploited. Twitter apparently doesn't block onMouseOver JavaScript code, which (you guessed it!) kicks in when your mouse pointer passes over a specially crafted link.
What happens next is up to the creator. It could be something harmless like the alert box you see above, or it could just as easily be a rogue antivirus pop-up or some nasty porn site. Again, you don't need to click -- you simply have to mouse over a link. As Cluley points out, all Twitter really needs to do is filter the onMouseOver attribute out of tweets so it is never rendered on the page.
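To make the bug class concrete, here is an added example (not code from the post or from Twitter) of a tweet "linkifier" that drops a URL straight into an href attribute, next to a hardened version that escapes it, plus a small check a feed renderer can run to catch inline event handlers. The tweet text is constructed for illustration.

```javascript
// Escape the characters that can close a double-quoted attribute or open a
// tag; this is what turns an injected quote into harmless &quot; text.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Only http(s) URLs are ever considered for linking.
const URL_RE = /https?:\/\/\S+/g;

// Vulnerable: the matched URL is interpolated verbatim. A quote inside the
// URL closes the href attribute, and whatever follows is parsed by the
// browser as further attributes, such as an onmouseover handler.
function linkifyUnsafe(text) {
  return text.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened: every interpolated value is escaped, so a quote in the input
// stays inside the attribute value instead of terminating it.
function linkifySafe(text) {
  const out = [];
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    const url = m[0];
    out.push(escapeHtml(text.slice(last, m.index)));
    out.push(`<a href="${escapeHtml(url)}">${escapeHtml(url)}</a>`);
    last = m.index + url.length;
  }
  out.push(escapeHtml(text.slice(last)));
  return out.join("");
}

// Detection: does the rendered HTML carry an on*= attribute inside a tag?
// Browsers accept an attribute glued to the previous quoted value, so the
// separator may be whitespace or a quote. Useful as a unit test on the
// rendering layer or as a last-line check before markup reaches the DOM.
function hasInlineHandler(html) {
  return /<[^>]*["'\s]on[a-z]+\s*=/i.test(html);
}

// Constructed sample tweet: a URL whose path carries a quote followed by an
// event handler, the shape of link the post describes.
const SAMPLE = 'see http://example.com/"onmouseover="alert(1)" ok';
```

Run `linkifyUnsafe(SAMPLE)` and `linkifySafe(SAMPLE)` through `hasInlineHandler` to see the first flagged and the second clean.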
TweetDeck reminds users that this exploit doesn't affect third-party clients. Unless you're using twitter.com, you should be totally safe.
At this point, probably 70% of the users I question about how they got an infection are telling me that they were fine until they clicked something from a friend on Facebook or Twitter. I'm starting to think those two sites are going to play cat-and-mouse with Adobe Reader and the Flash Player plug-in for the "who can cause the most malware infections" crown.
Update: Twitter responded in a hurry, and the exploit has already been patched.
Comments
f055, Sep 21st 2010 10:16AM
This exploit is far worse than you think. One of the people I follow retweeted the malicious tweet; as a result, my twitter.com homepage got a full-viewport overlay which triggers the malicious event on mouseover (and you cannot have your mouse anywhere else, since it covers the whole page). I managed to undo the tweet from my own timeline, but if you don't, it spreads like hell.
mijailtodorovich, Sep 21st 2010 11:37AM
You kinda forgot to pixelate the URL in that screenshot...