According to security analysis firm Sophos, simply running your mouse over certain tweets could activate pop-ups, send you messages, or even redirect you to another site.
And a number of Twitter accounts were redirecting users to hardcore pornography sites — including the feed of Sarah Brown, wife of former British Prime Minister Gordon Brown.
By 10 AM this morning, Twitter released a statement claiming “all clear” that Twitter “should now be fully patched and is no longer exploitable“. But some security experts say that with sheer volume of infected messages involved, even though it was patched, there may be some issues.
Also, some users are using to flaw to mask their user ID’s:
“It looks like many users are currently using the flaw for fun and games, but there is obviously the potential for cybercriminals to redirect users to third-party websites containing malicious code.
Some users are also seemingly deliberately exploiting the loophole to create tweets that contain blocks of color (known as “rainbow tweets”). Because these messages can hide their true content they might prove too hard for some users to resist clicking on them.”
According to the article, third party Twitter apps were not affected, because they do not use the same script. The article also recommends people avoid using Twitter for a while.
It is a shame that people would do something like this. I really makes you think twice about letting your kids use the internet, when they could be talking to their friends one minute but then re-directed to a very questionable site the next.