Twitter users hit by nasty JavaScript mouseover hack

Microblogging site Twitter has been hit by a JavaScript exploit capable of redirecting followers to third-party websites if they so much as move their cursor over an affected tweet.

Twitter is currently in the midst of a catastrophic storm of techno-japery, which allows third-party websites to open pages and pop-ups in your browser.

Anyone viewing Twitter online using the Web client at Twitter.com will no doubt be seeing bizarre blocks of colour (so-called 'rainbow tweets'), blacked-out messages or strings of garbled nonsense.

Just rolling your cursor over these odd tweets can cause all manner of madness, from tweets being posted from your own account, to pop-ups springing on to your screen, redirecting you to pornographic or malware sites.

Essentially this is an exploit that uses Twitter's own code to mischievous ends. Graham Cluley, senior technology consultant at Sophos, told us that the exploit started as a way for users to have fun -- creating colourful blocks of text or pop-up messages out of their tweets. With a little tinkering, however, the same code can be used to redirect users to all manner of other sites, and automatically tweet from a user's account.

The blame for this craziness surely lies with Twitter. Cluley told us, "You would have hoped that Twitter would have excised all JavaScript from people's tweets."

Sarah Brown, wife of the former British prime minister, has notably been affected by the attack -- a tweet from her account redirects her one million followers to a Japanese porn site.

If you stay away from the Web version you should be safe, so if you can, we recommend using a third-party client such as TweetDeck to handle your tweeting for now. We'll let you know more as it happens, but we're particularly keen to see Twitter's official statement on the matter...

Update: Twitter's status page says that the flaw has been fixed, so you should be safe to use the Web version again. There's no official statement as yet from the company, however.

Update 2: Twitter has now published a blog post on its site explaining what went wrong and confirming that everything is back to normal on the Web service.