Twitter Hacked: Malicious Tweets Push Pop-Ups and Porn

Think twice about tweeting Tuesday. A vulnerability on the Twitter.com web site is infecting users who mouse over malicious tweets, even if they don't crack them open, according to security experts. And in mousing over an infected tweet, users could potentially expose themselves to a number of nefarious actions by the attacker.

For starters, mousing over one of these malicious tweets can result in pop-ups and websites automatically opening up in a user's browser in an attempt to redirect them to another site, says Graham Cluley, a security expert with Sophos. And in some cases, those redirections are to a hardcore porn site in Japan, he noted.

Secondly, passing over the infected tweet could also contaminate a user's own Twitter account, serving as flypaper to all those who visit that user's Twitter page, and infecting their accounts as well. Lastly, simply by mousing over an infected tweet, a user may unknowingly end up sending tweets to others in the background, Cluley said.

"The danger of this is millions of people are on Twitter and this [attack] can spread quickly," Cluley warned.

Twitter says it's working on a fix and expects to roll it out shortly. And the malicious attack only affects those visiting Twitter.com or users' infected Twitter account pages, not third-party tweet distribution services.

This latest attack isn't the first time a security flaw in Twitter has been exploited, but Cluley noted that this one has the potential to affect the greatest number of users. Last year, French authorities arrested a man suspected of breaking into high-profile Twitter accounts belonging to singer Britney Spears and President Obama. And earlier this year, Twitter settled with the Federal Trade Commission over security lapses and privacy issues with its service.

Cluley posted a video on his Sophos blog about how the attack works, giving users a sneak peek without infecting their computer.




4 Comments

Chuck

Do we really 'need' Twitter, Facebook, etc. or is it something we want to 'keep up' - aka telephone.. or are we just following the hype ???

September 21 2010 at 11:49 PM
BUFFALO

Twitter is highly overrated and there is a reason they call it twitter and that's because everyone who uses it are twits.

September 21 2010 at 3:47 PM (+2)
1 reply to BUFFALO's comment
themanindbox

LMAO! I couldn't agree more!

September 22 2010 at 3:53 PM
midamerfrn

To everyone who thinks "Cloud Computing" will protect your info, I have a nice bridge in Brooklyn for sale.

September 21 2010 at 12:46 PM