A new worm, Rainbow, takes control of Twitter and infects millions of users

This morning, we witnessed what was the first massive Twitter infection, seeing how a string of strange characters appeared on our profiles.

Panda Security sent me a press release with more information about the infection:

It is a vulnerability in Twitter: when any user who operates through the twitter.com website receives this message and hovers the mouse pointer over the tweet containing this strange string, different unexpected things can happen to him:

– Automatically, and without him doing anything, the malicious string is sent to his followers, thus contributing to its distribution

– Strange messages with giant letters may appear, dialog boxes that read "Hello", black boxes where the text of a tweet should be, etc.

– When anyone visits your profile, they can be redirected to any other web address

This vulnerability allows the execution of JavaScript code, with which different things can be done, and it opens great possibilities to users who intend to use it maliciously.

According to Luis Corrons, Technical Director of PandaLabs:

The greatest danger could be that the URL used in the attack uses some vulnerability to infect our computers. If a criminal arranges that, in addition to retweeting the code, the URL involved uses drive-by-download techniques, we would be talking about millions of potential victims, although this is unlikely, since presumably Twitter will plug the hole before this happens.

The origin seems to be an account created on Twitter called Rainbow, which gave the worm its name.

At first, the JavaScript injections were just jokes, but over time they have evolved, and it seems that some users with other intentions are using this vulnerability to do more serious things.

Finally, a tip to avoid worse problems: any Twitter client that does not run JavaScript, such as TweetDeck, allows us to continue using the social network without any risk. So, let's avoid using the web, at least until the vulnerability is fixed.

Update – Del Harvey from the Twitter team reports that they have already fixed the problem.

Update 2 – On the official Twitter blog, they explain how and when they solved the problem.