
Rainbow worm took over Twitter, infecting millions of users

This morning, Panda Security witnessed the first massive infection of the popular Twitter social media site. Many users were astonished to see a strange string of characters appear in their profiles.

This was due to a vulnerability in Twitter, already fixed, that led to various unexpected events when users on twitter.com moused over the affected tweets.

The vulnerability allowed JavaScript to be run, opening a host of possibilities to users with malicious intentions.

According to Luis Corrons, Technical Director of PandaLabs: “The main danger could be that the URL used in the attack could exploit another vulnerability to infect users’ computers. If, in addition to retweeting the code, a criminal were to embed the URL with drive-by-download techniques, we would be looking at millions of potential victims, though this is unlikely as Twitter will presumably fix the security hole before this happens.”

The source of the attack would appear to be an account created in Twitter called Rainbow, the name which has now been given to the worm.

Initially, the first injections of JavaScript were simply jokes, though they have gradually evolved, and it would seem that some users have been using the vulnerability for other, more serious ends.

Twitter clients that didn’t run JavaScript, such as TweetDeck, were unaffected, and allowed users to continue using the social network without risk. You can now use the Twitter site directly, as the vulnerability has been patched.
