Today there has been a lot of Traffic on twitter related to a very recently-discovered Javascript exploit. It took advantage of the way twitter handled JavaScript in Updates. Most of the exploits seen used the "onmouseover" trigger, which meant that all a user had to do was move the mouse over a tweet and the code would run. Most would just re-post the same thing to your own Wall, some would re-post and re-direct the user to another [Web] Site. There were some examples of users being re-directed towards porn Sites. The fact it only needed a Cursor to move over it is why it spread so very rapidly all over the World, before people knew what was happening.

More info. and screenshots can be found in this F-Secure Blog:
http://www.f-secure.com/weblog/archives/00002034.html.

At the time of writing, twitter appeared to have fixed the flaw so users should be safe. Those who are still concerned, can dis-able Javascript in their Browser, or use a client program - such as an smartphone app. - to access twitter as these are not affected by the Exploit.

Posted on behalf of Mathew Nisbet, Malware Data Analyst