Twitter Hit With Second Worm In a Week
adeelarshad82 writes "Days after a site update unleashed a Twitter cross-site scripting attack, the micro-blogging site was again hit with a bug that spread via questionable links. The offending messages appeared on a user's Twitter feed with 'WTF:' followed by a link. If you clicked on that link, you were taken to a blank page, but behind the scenes, the worm would post vulgar messages on your account that discussed, well, sex involving goats."
WTF: Goatse
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
No. This is a Cross-Site Request Forgery attack. The script in this case was on the linked site, not in the tweet.
For those not in the know:
OWASP Cross-Site Request Forgery Prevention Cheat Sheet
Well... maybe. Or maybe not. But definitely not sort of.
This post explains it quite well: http://www.andrewnacin.com/2010/09/26/csrf-twitter/
Essentially, just create one or more iframes, with the iframe source set to http://twitter.com/share/update?status=WTF+PAYLOAD
As long as you're logged into Twitter via the web, it will auto-post that update without any request for permission from you.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
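The comment above describes why the iframe trick worked: the status-update endpoint accepted a plain GET from any origin, with the session cookie doing all the authentication. Below is an added Python example (not Twitter's code, not from the linked post) of a simulated status-update handler with the three server-side checks that stop that class of request; the hostname `twitter.example`, the session store and the `/share/update` request shape are constructed for illustration.

```python
import hmac
import hashlib
import secrets
from urllib.parse import urlparse

# Constructed for this example: a server-side secret and a tiny session store
# mapping session-cookie value -> session data.
SERVER_SECRET = secrets.token_bytes(32)
SESSIONS = {"sess-abc": {"user": "alice"}}
SITE_HOST = "twitter.example"  # assumed origin of the site's own forms


def csrf_token_for(session_id: str) -> str:
    """Derive a per-session anti-CSRF token that the site embeds in its own forms.
    Another origin cannot read it (absent an XSS hole, which is a separate bug)."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def handle_share_update(method, cookies, form, origin_header):
    """Simulated /share/update handler. Returns (http_status, message)."""
    session_id = cookies.get("session")
    if session_id not in SESSIONS:
        return 401, "not logged in"
    # 1. An <iframe src=...> is a plain GET. State changes must require POST,
    #    so a hidden frame on a third-party page cannot trigger them at all.
    if method != "POST":
        return 405, "status updates require POST"
    # 2. Browsers add an Origin header to cross-site POSTs and a page cannot
    #    forge it; anything not from our own host is rejected outright.
    if origin_header is not None and urlparse(origin_header).netloc != SITE_HOST:
        return 403, "cross-site request rejected"
    # 3. Even a same-origin-looking POST must carry the per-session token,
    #    compared in constant time.
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token_for(session_id)):
        return 403, "missing or invalid CSRF token"
    status = form.get("status", "")
    return 200, f"posted by {SESSIONS[session_id]['user']}: {status}"
```

The first check alone would have blocked the iframe worm; the Origin and token checks cover forged POSTs (for example from an auto-submitting form on a third-party page).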
Or you could install this GM script which expands them to the real URL without actually loading it.
Dilbert RSS feed
Next up: Twitter worms that discuss Natalie Portman naked and petrified, GNAA trolls and of course the classic penis bird.
People replying to my sig annoy me. That's why I change it all the time.