Today a new security flaw known as ‘onmouseover’ attacks thousands of online Twitter users. This post describes everything about this new twitter security flaw and how to stay safe from it. As you know Twitter is an online micro-blogging platform loved by all internet users. Everyday Twitter is facing more and more new security flaws.
At the moment, Twitter is under attack of a new Security flaw popularly known as ‘onmouseover’ Security Flaw Attack ( also called onmouseover twitter worm). You can see the current trending topic in Twitter is onmouseover. So I have did a search for it on Twitter itself and found a lot of Twitter users are re-tweeting it. All those tweets contain some weird Javascript. I have visited some of those users profiles and found 90% transparent html link in their profile with even blocks of colors. If you click anywhere on these users profile, you will be re-tweeting those Javascript and will be directed to any external websites mostly of p0rn, gambling and some websites loaded with virus. After a long search on Twitter itself I saw different Javascript was loaded and on even many Verified Twitter users have re-tweeted same tweets many times. So it’s clear that this new security vulnerability is not affected to all in the same way. This ‘onmouseover’ Security Flaw attacked only those who are using twitter from Twitter website.
Even Sarah Brown, wife of former British Prime Minister was also the victim of this new twitter attack. Sarah Brown’s Twitter page has been messed with in an attempt to redirect visitors to a hardc0re p0rn site based in Japan. That’s obviously bad news for her over one million of followers. Not only she, but also many many Twitter users are still under attack of this new Javascript onmouseover security loopehole. Also you can see many Japanese language in many users recent tweet. So I’m believing that this attack might be originated from Japan.
Also check my article on Orkut Virus afci005 and Bom Sabado Orkut Virus.
Some of the Twitter users are brilliantly making use of this new loophole to create tweets that contain blocks of colors (known as “rainbow tweets”). Because these twitter messages can hide their true content they might prove too hard for some twitter users to resist clicking on them.
How to stay safe from Onmouseover Security Flaw Attack on Twitter?
- Do not use Twitter from twitter website.
- Use Twitter from mobile applications or from desktop applications like Tweetdeck, Seesmic, Dabr etc
- Do not visit the profile of any users users who tweeted some weird javascript
- Tweet this post and share it with all your friends and relatives and protect them from being attacked by this through twitter, facebook etc
What to do if ‘onmouseover’ Security Flaw Attacked me/my Twitter profile?
- Login Twitter only from third-part applications like Tweetdeck, Seesmic, Dabr etc
- Delete all the tweets that you have not made or contain suspicious javascripts
- Change the password of your twitter account
- Spread this new twitter attack to all your friends and relatives
Our team have contacted the Twitter, but didn’t get any reply yet on this issue. We can expect that soon Twitter will resist this Security Flaw attack as soon as possible by disallowing twitter users to post the onMouseOver JavaScript code, and protecting twitter users whose browsing may be at risk. Now it’s your turn to share this post with friends and relatives and help them to be aware of this and thereby protect them from being attacked by this twitter onmouseover security flaw.
Update: Twitter has announced in their official blog that this security loophole has been fixed and twitter users can browse and enjoy twitter from web interface without any further security issues.
Comments and Discussions