A security vulnerability in Twitter is being exploited to redirect users to websites without their consent as well as “retweet,” or broadcast, the link to their followers.<\/p>\n
Only those users who view the links on the official Twitter web interface while logged into their accounts seem to be affected at present, however.<\/p>\n
What makes the “virus” particularly unique is the fact that users don’t have to click on a link to be affected. It makes use of a method called “onMouseOver” and JavaScript to make the user’s Twitter account do the bidding of the exploiter.<\/p>\n
Mashable reports that they’ve seen versions of the exploit opening popups and redirecting users to pornographic websites.<\/p>\n
One of the links, kindly provided by one of the people we follow, creates an overlay over the whole Twitter interface, retweets the link and sends a direct message somewhere.<\/p>\n
We contacted Twitter for comment and received their standard “Something is technically wrong. Thanks for noticing…” message, but haven’t received any word from them yet.<\/p>\n
ReadWriteWeb reports that Twitter has said that the cross-site scripting (XSS) attack has been identified and patched. We can confirm that for our accounts, including a throw away account we created to test some of the attack-tweets, the exploit doesn’t seem to be working anymore.<\/p>\n