Twitter Hacked: Malicious Tweets Push Pop-Ups and Porn


Think twice about tweeting Tuesday. A vulnerability on the Twitter.com web site is infecting users who mouse over malicious tweets, even if they don't crack them open, according to security experts. And in mousing over an infected tweet, users could potentially expose themselves to a number of nefarious actions by the attacker.

For starters, mousing over one of these malicious tweets can result in pop-ups and websites automatically opening up in a user's browser in an attempt to redirect them to another site, says Graham Cluley, a security expert with Sophos. And in some cases, those redirections are to a hardcore porn site in Japan, he noted.

Secondly, passing over the infected tweet could also contaminate a user's own Twitter account, serving as flypaper to all those who visit that user's Twitter page, and infecting their accounts as well. Lastly, simply by mousing over an infected tweet, a user may unknowingly end up sending tweets to others in the background, Cluley said.

"The danger of this is millions of people are on Twitter and this [attack] can spread quickly," Cluley warned.

Twitter says it's working on a fix and expects to roll it out shortly. And the malicious attack only affects those visiting Twitter.com or users' infected Twitter account pages, not third-party tweet distribution services.

This latest attack isn't the first time a security flaw in Twitter has been exploited, but Cluley noted that this one has the potential to affect the greatest number of users. Last year, French authorities arrested a man suspected of breaking into high-profile Twitter accounts belonging to singer Britney Spears and President Obama. And earlier this year, Twitter settled with the Federal Trade Commission over security lapses and privacy issues with its service.

Cluley posted a video on his Sophos blog about how the attack works, giving users a sneak peek without infecting their computer.

