
Twitter 'Mouseover' Hack Allows Script Injection and Redirects Users to Porn Sites

A security hole discovered this week on Twitter was exploited against over 40,000 users in 10 minutes. Differently colored links in Tweets, when hovered over, caused a pop-up box with text to appear and loaded a third-party website.

This recent Twitter security hack has been spread through links that exploited the 'onMouseOver' function. 'onMouseOver' is a method that triggers an action when a user hovers the mouse pointer over a link or an object. In some cases, the mouse-over incident on Twitter would actually load an unwanted web page in the user's browser. According to Sophos, one of the victims of this incident was Sarah Brown, the wife of the former British Prime Minister, whose exploited Twitter link is shown in Figure 1 below. Mrs. Brown's Twitter feed was redirecting to a Japanese porn website.

Figure 1. Credit: TechCrunch - Sarah Brown's exploited Twitter link using the onMouseOver hack.

The onMouseOver functionality is actually very common on many websites, where it adds an extra interaction to what is usually a plain URL link. Basically, when you put your mouse over a link it pops up an object that contains additional text, images or options, or loads another website in the browser.

Twitter uses the onMouseOver method, for example, when you hover over a user's name or profile link. Doing so pops up a box with additional information about the profile before it is clicked on. The hack discovered early this week behaves the same way, except that it is unknowingly spread by normal Twitter users who tweet the hacked link to their followers. Users were reTweeting the links to their followers without knowing that the links had been exploited by hackers.

Twitter is no stranger to hackers who exploit the social network to attack users through phishing methods, either to lead users to malware or to steal personal information. The recent event uses cross-site scripting (XSS, a computer security vulnerability found in web applications that allows attackers to inject scripts into web pages so that they execute in other users' browsers and perform malicious actions), which is also a well known way for attackers to spread malware or perform other malicious actions over the Internet. In this recent case, Twitter just happened to be a platform that hackers could easily use because users may already be accustomed to the pop-up boxes that appear when certain links/profiles are hovered over with the mouse.
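The injection described above happens when a site builds a link's markup by pasting a user-supplied URL straight into an href attribute. The following is an added example, not code from this article or from Twitter: a vulnerable link renderer beside a hardened one that validates the URL scheme and attribute-encodes the value, plus a check over rendered markup that flags anchors carrying an inline on* handler. The function names and the sample URL are constructed for illustration.

```javascript
// Added example, not code from the article or from Twitter: a link renderer
// that concatenates a user-supplied URL into an href attribute, beside a
// hardened version that validates the scheme and encodes the attribute.

// Vulnerable pattern: the URL is dropped into the attribute unescaped, so a
// double quote in the input ends the href value and the browser parses what
// follows as further attributes, an onmouseover handler included.
function renderLinkVulnerable(url) {
  return '<a href="' + url + '">' + url + '</a>';
}

// Encode the characters that can break out of an attribute value or text node.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Accept only parseable http(s) URLs; javascript: and the like are rejected.
function isSafeHttpUrl(raw) {
  try {
    const u = new URL(raw);
    return u.protocol === 'http:' || u.protocol === 'https:';
  } catch (e) {
    return false;
  }
}

// Hardened pattern: validate, then attribute-encode before emitting markup.
function renderLinkSafe(url) {
  if (!isSafeHttpUrl(url)) {
    return escapeHtml(url); // render rejected input as inert text, not a link
  }
  const enc = escapeHtml(url);
  return '<a href="' + enc + '">' + enc + '</a>';
}

// Detection over rendered markup: an anchor carrying an inline on* handler
// is something a link renderer should never emit. The handler may follow the
// closing quote directly (no space), so match a quote or whitespace before it.
function hasInlineHandler(html) {
  return /<a\b[^>]*["'\s]on[a-z]+\s*=/i.test(html);
}

// Constructed sample input (not a real tweet): a quote closes the href and a
// mouseover handler is smuggled in after it.
const craftedUrl = 'http://example.com/"onmouseover="alert(1)';
```

The crafted URL is still a valid http URL, so scheme validation alone does not stop it; the attribute encoding is what keeps the quote from closing the href.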

These exploited 'onMouseOver' hacked links were restricted to Twitter.com, but we believe that this prank may be a test by hackers to see if they can get away with spreading other malicious links that could actually infect computers with malware. Twitter was aware of the situation the day it was discovered and has since issued a post on its blog apologizing for the 'onMouseOver' incident and notifying users that it has been resolved. Last month, a similar incident was discovered and patched, so Twitter users should be on their guard because it certainly will not be the last of these types of exploits.

As a Twitter user, are you constantly worried that your computer might get infected because you're being directed to malware-ridden sites due to Twitter hackings?
