This morning we witnessed what was the first massive Twitter infection, as a string of strange characters appeared on our profiles.
Panda Security sent me a press release with more information about the infection:
It is a vulnerability in Twitter that affects any user who operates through the twitter.com website: when they receive this message and hover the mouse pointer over the tweet containing this strange string, different unexpected things can happen to them:
– Automatically, and without them doing anything, the malicious string is sent to their followers, thus contributing to its distribution
– Strange messages with giant letters may appear, dialog boxes that read Hello, black boxes where the text of a tweet should be, etc.
– When anyone visits your profile, they can be redirected to any other web address
According to Luis Corrons, Technical Director of PandaLabs:
The greatest danger could be that the URL used in the attack uses some vulnerability to infect our computers. If a criminal makes it so that, in addition to retweeting the code, the URL involved uses drive-by-download techniques, we would be talking about millions of potential victims, although this is unlikely since Twitter will presumably plug the hole before this happens.
The origin seems to be an account created on Twitter called Rainbow, which has given the worm its name:
Update – Del Harvey from the Twitter team reports that they have already fixed the problem:
Update 2 – On the official Twitter blog, they explain how and when they solved the problem.