This morning we observed a Cross Site Scripting (XSS) attack taking place on Twitter. This particular vulnerability abused the onmouseover event handler attribute in HTML, which runs a snippet of JavaScript as soon as the mouse pointer passes over the element it is attached to; no click is required, so simply moving the cursor across some text in a tweet is enough to execute the injected code.

The following status updates were observed, causing unsuspecting users' feeds to fill up with images of rainbows:

Mouseover Vulnerability on Twitter

After hovering over the injected mouseover text:

Tweet after Mouseover Vulnerability

Here are some of our observations on this attack:

  • The malicious string can be automatically re-posted from the victim's account to their followers, continuing the distribution of the tweet in a worm-like fashion.
  • Strange messages appear in giant letters, dialog boxes reading “Hello” pop up, tweets are blacked out, and so on.
  • Anyone visiting an affected user's profile may be redirected to another web address.

This particular attack could have been far nastier in the hands of skilled cyber criminals, but fortunately the Twitter staff have already patched the site against this injection.

Twitter Status Update
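To make the mechanism concrete, here is an added example in JavaScript. It is not Twitter's code and not the worm's actual payload: it uses a hypothetical auto-linker, the kind of routine that turns a http:// address in a status update into a clickable link, to show how a tweet containing a double quote can close the href attribute early and attach an onmouseover handler of its own (popping the sort of “Hello” dialog noted above), and how attribute-encoding the URL before rendering it closes the hole. The sample tweets, the function names and the countInlineHandlers heuristic are all constructed for this illustration.

```javascript
// Added example, not Twitter's code and not the worm's actual payload: how an
// unescaped URL inside href="..." lets a tweet add its own onmouseover handler,
// and how attribute-encoding the URL before rendering closes the hole.
// vulnerableLinkify/safeLinkify are hypothetical stand-ins for the routine
// that turns a http:// address in a status update into a clickable <a> tag.

const URL_RE = /https?:\/\/\S+/g;

// Vulnerable: the matched URL is concatenated straight into the attribute. A
// double quote inside the URL terminates href="..." early, and whatever
// follows is parsed as further attributes on the <a> element, onmouseover
// included. The handler fires as soon as the pointer passes over the link.
function vulnerableLinkify(text) {
  return text.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Encode the five characters that carry meaning in HTML attribute values and
// text nodes. With `"` turned into &quot; the attribute value can no longer be
// terminated by attacker-controlled input.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: same template, but every interpolated value is encoded first.
function safeLinkify(text) {
  return text.replace(URL_RE, (url) => {
    const enc = escapeHtml(url);
    return `<a href="${enc}">${enc}</a>`;
  });
}

// Detection heuristic for rendered output: count on<event>= attributes that
// sit inside a tag. A quote or whitespace must precede the attribute name,
// which is exactly how a breakout such as @"onmouseover= looks to the parser.
// Handler-looking text outside a tag (e.g. in the link's visible text) is
// inert and is deliberately not counted.
function countInlineHandlers(html) {
  const hits = html.match(/<[^>]*["'\s]on[a-z]+\s*=/gi);
  return hits ? hits.length : 0;
}

// Constructed sample tweets for this illustration (not observed payloads).
// In SAMPLE_TWEET the quote after @ closes href, and the rest becomes an
// onmouseover handler that pops a "Hello" dialog.
const SAMPLE_TWEET = 'check this http://example.com/@"onmouseover="alert(\'Hello\')"/ now';
const BENIGN_TWEET = 'see http://example.com/x';

// Renders a tweet both ways and reports whether a handler slipped into a tag.
function demo(tweet) {
  const unsafeHtml = vulnerableLinkify(tweet);
  const safeHtml = safeLinkify(tweet);
  return {
    unsafeHtml,
    safeHtml,
    unsafeHandlers: countInlineHandlers(unsafeHtml),
    safeHandlers: countInlineHandlers(safeHtml),
  };
}

console.log(demo(SAMPLE_TWEET));
console.log(demo(BENIGN_TWEET));
```

Building the link with the DOM API instead (document.createElement('a'), then setting a.href and a.textContent) sidesteps the string-templating problem entirely, because the browser never re-parses attacker text as markup; the encoding shown above is the equivalent for server-side templates. The countInlineHandlers check is only a coarse way to spot handler injection in rendered output, not a substitute for fixing the template.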