Via F-Secure -
A cross-site scripting worm was spreading in Twitter profiles for several hours last night.
[...]
Many people followed the links to stalkdaily.com, as they believe the messages to be genuine Tweets from their friends. A cross-site script on the site then caused new users to start to Tweet the same messages.
[...]
As expected, the whole worm was a publicity stunt by stalkdaily.com.
You can see the latest official status of Twitter from their status page at status.twitter.com
We detect the script file as Worm:JS/Twettir.A
Updated to add: This is not over. There's going to be quite a few modified Twitter worms for a day or two. Be careful in Twitter, don't view profiles, don't follow links. It's beautiful outside, maybe go for a walk instead?
All these attacks are Javascript-based. Turn Javascript off if you're worried. More info here.
No comments:
Post a Comment