
Twitter OnMouseOver Flaw In The Wild

by 날으는물고기 2010. 9. 24.

As of this morning we have been monitoring a flaw on twitter.com that opens pop-ups for Twitter users when they move their mouse cursor over a specially crafted tweet. There is also the potential for a mouse-over to trigger status updates and to alter the display of the Twitter status on users' profile pages.


The affected tweets contain JavaScript attached to the onmouseover event handler; this handler runs the code specified in the tweet as soon as the cursor passes over it, without requiring the user to click anything.

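The flaw described above is an instance of untrusted tweet text being placed into an HTML attribute without encoding, so a quote character in the tweet closes the attribute and the rest of the tweet becomes new attributes. The following JavaScript is an added example, not code from the Websense post or from Twitter: it contrasts an unencoded render of a tweet with an attribute-encoded one, and parses the resulting markup the way a browser would to show which attributes actually end up on the element. The function names, the sample tweet and the placeholder handler text `x()` are constructed for illustration.

```javascript
// Added example (not from the Websense post or Twitter's code base): attribute-context
// HTML encoding as the mitigation for onmouseover-style injection in user text.
// All names below and the sample tweet are constructed for illustration.

// Characters that can end an attribute value or start a tag, mapped to entities.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Constructed tweet: a double quote followed by text shaped like an attribute.
const SAMPLE_TWEET = 'hello" onmouseover="x()';

// Vulnerable pattern: the raw tweet is spliced into an attribute value and into
// element content, so the quote in the tweet closes the title attribute and the
// remainder is parsed as additional attributes on the span.
function renderTweetUnsafe(tweet) {
  return `<span class="tweet" title="${tweet}">${tweet}</span>`;
}

// Hardened pattern: encode before splicing; the tweet stays one string value.
function renderTweetSafe(tweet) {
  const enc = escapeHtml(tweet);
  return `<span class="tweet" title="${enc}">${enc}</span>`;
}

// Minimal parser for the first opening tag in a fragment. It honours quoted
// attribute values, so it reports what a browser would treat as attributes
// rather than matching the substring "onmouseover" anywhere in the text.
function openTagAttributeNames(html) {
  const names = [];
  const isWs = (c) => c === ' ' || c === '\t' || c === '\n';
  let i = html.indexOf('<') + 1;
  while (i < html.length && !isWs(html[i]) && html[i] !== '>') i++; // skip tag name
  while (i < html.length && html[i] !== '>') {
    while (i < html.length && isWs(html[i])) i++;
    if (i >= html.length || html[i] === '>') break;
    let name = '';
    while (i < html.length && !isWs(html[i]) && html[i] !== '=' && html[i] !== '>') {
      name += html[i++];
    }
    names.push(name.toLowerCase());
    while (i < html.length && isWs(html[i])) i++;
    if (html[i] === '=') {
      i++;
      while (i < html.length && isWs(html[i])) i++;
      const quote = html[i];
      if (quote === '"' || quote === "'") {
        i++;
        while (i < html.length && html[i] !== quote) i++;
        i++; // step past the closing quote
      } else {
        while (i < html.length && !isWs(html[i]) && html[i] !== '>') i++;
      }
    }
  }
  return names;
}

// Event-handler attributes (on*) the browser would attach to the rendered span.
function eventHandlerAttributes(html) {
  return openTagAttributeNames(html).filter((n) => n.startsWith('on'));
}

// Stand-alone run: shows which handler attributes each rendering produces.
console.log('unsafe:', eventHandlerAttributes(renderTweetUnsafe(SAMPLE_TWEET)));
console.log('safe:  ', eventHandlerAttributes(renderTweetSafe(SAMPLE_TWEET)));
```

The parser-based check matters because a plain substring search for `onmouseover` would also flag the encoded, harmless version; what counts is whether the markup parses into an attribute. Encoding for the attribute context (and quoting every attribute value) is the fix; filtering for particular handler names is not, since any `on*` attribute would do.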

This morning we saw proof-of-concept tweets exercising the flaw being posted by Twitter users, and then began to see end users tweeting the code virally. There is the potential for malware authors to spread malicious tweets that use the flaw to direct users to other Web sites.


As of writing, hundreds of new tweets per second are being published on twitter.com using the OnMouseOver flaw. Twitter users whose accounts have been affected by the flaw include journalists and high-profile celebrities.


Examples of compromised accounts:


Our advice is to use an alternative to the twitter.com Web site if you need to update your Twitter status.


Source: http://community.websense.com/
