Twitter Mouse-Over Flaw Sends Users to Dangerous Links

On Tuesday morning, September 21, 2010, Twitter.com was hacked in a very crafty way. Twitter users only needed to move their mouse cursor over a link on their Twitter page to be redirected, without any user intervention or permission. Once redirected, they were sent to malicious and offensive destinations, such as porn sites and malware sites.

As of 9:45 a.m. EDT, Twitter had identified the exploit and was taking steps to rectify the matter. Twitter administrators posted:

“please message @safety if you have info regarding such an exploit. We expect the patch to be fully rolled out shortly and will update again when it is.”

Inserting JavaScript into a tweet by way of the HTML “onmouseover” event handler attribute triggers the flaw; the code runs as soon as the cursor passes over the link. The exploit is also being used to fill in and submit status updates when a link is rolled over, leading to further issues for users.

For now, it is recommended that Twitter users access the site from a third-party client, such as TweetDeck, Seesmic or a mobile app, since those clients are not vulnerable to the “onmouseover” exploit.
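The underlying defect is the familiar one of dropping a user-supplied URL straight into an HTML attribute: a double quote inside the URL closes the `href` value, and whatever follows becomes new attributes on the `<a>` element, including an `onmouseover` handler. The following added example (not Twitter's code; the sample URLs and function names are constructed for illustration) shows a naive renderer beside an attribute-escaping one, plus a small parser-based check that a defender can run over stored or rendered content to flag inline event-handler attributes.

```python
import html
import re
from html.parser import HTMLParser

# Constructed sample inputs (not taken from any real tweet).
# The first has the shape described in the post: a quote that closes the
# href attribute, followed by an event-handler attribute.
SAMPLE_BAD_URL = 'http://example.com/"onmouseover="x()'
SAMPLE_GOOD_URL = 'http://example.com/page?a=1&b=2'


def is_allowed_url(url: str) -> bool:
    """Accept only http(s) links; rejects javascript:, data: and similar."""
    return re.match(r'^https?://', url, re.IGNORECASE) is not None


def render_link_vulnerable(url: str) -> str:
    """Naive rendering: the raw URL is concatenated into the attribute, so a
    quote in the URL ends the href value and the rest becomes new attributes."""
    return '<a href="' + url + '">' + url + '</a>'


def render_link_safe(url: str) -> str:
    """Hardened rendering: scheme allow-list plus attribute escaping, so
    quotes, ampersands and angle brackets become entities and can no longer
    break out of the attribute value."""
    if not is_allowed_url(url):
        raise ValueError("unsupported URL scheme")
    escaped = html.escape(url, quote=True)
    return '<a href="' + escaped + '">' + escaped + '</a>'


class _EventHandlerFinder(HTMLParser):
    """Collects (tag, attribute) pairs for any attribute named on*."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.found.append((tag, name.lower()))


def find_event_handlers(markup: str) -> list:
    """Detection check: parse markup and report inline event handlers."""
    parser = _EventHandlerFinder()
    parser.feed(markup)
    parser.close()
    return parser.found
```

Running the check over the naively rendered sample reports an `onmouseover` attribute on the anchor, while the escaped rendering yields none.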

Check out an example of the exploit below:
