PCR Tech and IT retail, distribution and vendor news
Twitter has plugged a hole in its code that allowed malware to issue pop-up messages and links to pornographic websites.
According to the BBC, thousands of users were affected by the security flaw, including Sarah Brown, wife of the former Prime Minister.
The malware exploited a cross-site scripting vulnerability and used the ‘onmouseover’ code – the same code that brings up pop-up ads on various websites when the user makes the mistake of letting their mouse cursor touch a certain word. In this case, instead of bringing up an advert, the user was treated to a dose of adult content or an unrelated website.
“This issue is now resolved. We apologise to those who may have encountered it,” wrote Twitter’s security chief Bob Lord.
“Users may still see strange retweets in their timelines caused by the exploit. However, we are not aware of any issues related to it that would cause harm to computers or their accounts.”
In many cases, redirection exploits such as this are created by people posing as advertisers or search engine optimisers, who then charge their legitimate customers for the fraudulent increase in traffic.
