Commentary

Twitter Hacked by Porn Sites, SPAM


Either everyone on Twitter is getting into the porn business, or the microblogging service was temporarily infested today by a rather devious hack which distributed SPAM and promoted porn sites. The phishing hack came in the form of a JavaScript "exploit" which merely required Twitter users to mouse over certain eye-catching tweets (no click necessary) before re-tweeting the SPAM messages and re-directing users to yet more SPAM or porn sites.

Graham Cluley, a security expert with Sophos, explained: "The Twitter website is being widely exploited by users who have stumbled across a flaw which allows messages to pop-up and third-party websites to open in your browser just by moving your mouse over a link." The technique is called "cross-site scripting" or XSS for short; many of the destination sites are straight-up XXX.

The Twitter hack soon became an interesting example of crowd-sourced malware, as mischievous and malicious programmers realized the potential and began tweaking the exploit-worm to make it more virulent. Over the course of several hours the hack (which was limited to the Twitter Web site, leaving third-party apps unaffected) rapidly evolved from small "rainbow"-colored tweets and mysterious black blocks to huge colorful letters covering practically the entire screen -- making it well-nigh impossible to avoid propagating the hack.

Because the hack apparently started spreading around 4 a.m. EST, it was first noticed by British users logging on Tuesday morning. According to measurements by Trendistic.com, around noon U.K. time (7 a.m. EST) the hack was affecting about 5% of Twitter users -- which is a lot considering the U.K. only contributes a fraction of the site's total 110 million registered users. Among the victims was Sarah Brown, the wife of ex-prime minister Gordon Brown, whose Twitter account was hijacked by a Japanese porn site and bespangled with a huge red "H," after sending the SPAM to over one million followers.
