Twitter was struck by a particularly nasty cross-site scripting worm over the weekend, again bringing to light the threat of client-side attacks across social networking sites.
The Twitter worm spread links to a supposed Twitter copycat site called StalkDaily[dot]com by exploiting a cross-site scripting (XSS) vulnerability and infecting an unknown number of Twitter profiles. Each wave of the worm attacks was more intense than its predecessor, according to a post on the official Twitter blog.
“We secured the accounts that had been compromised and removed any content that might help spread the worm,” Twitter co-founder Biz Stone wrote on the blog. “All told, we identified and deleted almost 10,000 'tweets' [messages] that could have continued to spread the worm.”
The worm's activity seems to have been contained, but there is little guarantee that no threats remain, experts said.
“This may be an open-ended problem," Andy Hayter, Anti-Malcode program manager at security solutions tester ICSA Labs, told SCMagazineUS.com on Monday. "I don't think we've seen the end of it."
But overall, the damage so far has been minimal, Stone said in his blog post. No personal information was compromised.
Richard Wang, manager of Sophos Labs U.S., recommended Twitter users avoid clicking on untrusted links. He also told SCMagazineUS.com that Twitter can modify its platform so it cannot support malicious code such as this.Stone wrote: “We are still reviewing all the details, cleaning up, and we remain on alert.”