Malicious 'Rainbow Tweets' Plague Twitter Through 'onMouseOver' Flaw

Rainbow Tweets
If you frequently use the official Twitter website, here's a bit of security advice: don't. At least not for a little while. A recently discovered flaw on the site has allowed pranksters and ne'er-do-wells to use your mouse movements (not clicks, mind you) to trigger pop-up messages and websites. Spammers are actively exploiting the "onMouseOver" flaw in order to load sites and to coerce accounts into posting the messages that spread the links. The concern, though, is that malicious actors could use the flaw to spread malware and completely hijack accounts.

One of the high-profile accounts to have been compromised belongs to Sarah Brown, wife of former British Prime Minister Gordon Brown. Brown's account posted a message listing a link that popped up a hardcore porn site. The most common use of the JavaScript flaw appears to be so-called "rainbow tweets" (seen above), which obscure their contents with blocks of color and thereby entice users to click on, or at least hover over, them. Twitter moved quickly to patch the flaw, but not before it became a trending topic (under five different headings). Still, we have to give the site credit for shutting down the exploit within hours of its discovery.
