Yet another malicious worm attacked Twitter users over the weekend, only days after the site fell to a similar attack.
This time the attackers set up a page exploiting a CSRF vulnerability in Twitter. Any user who clicked the link automatically posted a message on their account about their fondness for sex with goats.
The attackers' page used two hidden IFrames that push a status update through the Twitter API. They then let Twitter hide the malicious URL behind its new t.co URL-shortening service, so that Twitter users who clicked on it loaded the IFrames and transparently posted the goat message on their accounts.
Twitter developers posted this on their blog in response: “We’ve fixed the #WTF exploit and are in the process of removing the offending Tweets.”
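A server-side check of the kind that refuses a status update submitted from a hidden frame on another site, shown as an added example (not Twitter's code or its actual fix). The key, the origin `https://app.example`, the function names and the two sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

SERVER_KEY = b"constructed-demo-key"        # assumption: per-deployment secret
TRUSTED_ORIGIN = "https://app.example"      # assumption: the site's own origin

def issue_csrf_token(session_id):
    """Session-bound token the site embeds in forms it renders itself."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def same_origin(headers):
    """True only when Origin (or, failing that, Referer) is our own origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN

def allow_status_update(method, headers, session_id, form):
    """Decide whether a status-update request may change the account."""
    if method != "POST":
        return False, "state change must use POST"
    if not session_id:
        return False, "not authenticated"
    if not same_origin(headers):
        return False, "cross-origin request"
    expected = issue_csrf_token(session_id).encode()
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(expected, supplied):
        return False, "missing or invalid CSRF token"
    return True, "ok"

# Constructed requests. The browser attaches the session cookie in both cases;
# only the site's own page knows the token and carries the trusted Origin.
SESSION = "sess-1234"
FRAMED = {"method": "POST", "headers": {"Origin": "https://other.example"},
          "session_id": SESSION, "form": {"status": "hello"}}
GENUINE = {"method": "POST", "headers": {"Origin": TRUSTED_ORIGIN},
           "session_id": SESSION,
           "form": {"status": "hello", "csrf_token": issue_csrf_token(SESSION)}}

if __name__ == "__main__":
    for name, req in (("framed", FRAMED), ("genuine", GENUINE)):
        print(name, allow_status_update(**req))
```

The token check is what holds if the origin check is ever bypassed or the headers are absent: a page on another site cannot read the token out of the victim's session.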