On the 21st September, at 2.54 PDT, Twitter experienced an attack through an XSS (cross-site scripting) vulnerability. Due to malicious code being executed, a massive retweet spread through all users,
Generally speaking, XSS attacks exploit a lack of control over the data carried in HTTP GET and POST requests. Malicious code is injected through a URL pointing to the affected website, allowing most kinds of queries to be executed. On a less visited website the result should be no worse than a defacement, but the outcome can grow enormously in magnitude once the number of visitors is considered.
This is the code used:
http://t.co/@%22onmouseover=%22document.getElementById(%27status%27) .value=%27RT%20Matsta%27;$(%27.status-update-form%27).submit(); %22class=%22modal-overlay%22/
When you move your mouse pointer over a link and you are logged into your Twitter account, your account will post a new RT (ReTweet) that points to a link to the Twitter account of the user “Matsta”.
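The injection described above, as an added example that is not part of the original post and is not Twitter's code: it assumes the link was built by pasting the URL into an href attribute without escaping, which the post does not state. The function names and the sample string (an inert handler in the same shape as the URL above, shown decoded) are constructed for illustration.

```javascript
// Added example: hypothetical tweet autolinker, not Twitter's real code.
const URL_RE = /https?:\/\/\S+/g;

// Vulnerable form: the matched URL is pasted into href as-is, so a
// double quote inside the URL closes the attribute early and whatever
// follows is parsed as further attributes of the <a> tag.
function linkifyVulnerable(text) {
  return text.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Hardened form: every piece of user text is escaped at output time,
// both the URL inside the attribute and the text around it.
function linkifyHardened(text) {
  let out = "", last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const safe = escapeHtml(m[0]);
    out += `<a href="${safe}">${safe}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Rough check of what a browser would see: the attribute names found
// in the first <a> tag of the generated markup.
function attrNames(html) {
  const start = html.indexOf("<a ");
  const tag = html.slice(start + 1, html.indexOf(">", start));
  return [...tag.matchAll(/([a-zA-Z-]+)\s*=\s*"([^"]*)"/g)].map((m) => m[1]);
}

// Constructed sample: same shape as the URL in the post, inert handler.
const SAMPLE = 'look http://t.co/@"onmouseover="void(0)"class="x"/';

console.log(attrNames(linkifyVulnerable(SAMPLE))); // injected attributes appear
console.log(attrNames(linkifyHardened(SAMPLE)));   // only href remains
```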
The worm spread over all terminals with JavaScript activated. With some people obviously panicking at Twitter headquarters (or probably just laughing their ass off for being fooled by a script-kid), for a few minutes the internet went back to being a less noisy, content-based network, as it originally was. Considering the amount of uselessness spreading through Twitter these days, a smart worm is for sure an improvement in content quality.
Back in the years you were like if you could score a shell on a *.ac.kr server, with a PHF or ftp-bounce attack. Script-kiddies nowadays can just hit the news with a smart URL… I’ve never thought that web security would have grown according to the number of visitors and variety of services and protocols available, but it is probably time to catch up more than ever.
On a side note, attacks like these may also show what the real security attitude of these companies is: definitely in need of real improvement.