The story behind the Twitter worm


When we heard about this malicious JavaScript code that hit Twitter yesterday, we were kind of relieved: perhaps it was nature's way of ridding us of celebrity micro-bloggers. But as the day went on, it seemed that even if this were the case, a sordid tale was emerging: apparently the whole thing began with a Norwegian programmer named Magnus Holm, who had experimented with a flaw in Twitter's website that let users execute code on a mouseover. His version of the code simply replicated itself: "The purpose was simply to see if it was possible to create a worm," he told The New York Times, adding that he was surprised it had spread as quickly as it did. "Because it was very easy to delete the Tweet that contained the worm, I expected that everyone would just delete it the moment they realized that they've been 'infected.'" But soon enough, folks were updating the code for malicious purposes, including redirects to spam sites and, perhaps worst of all, Rickrolling. By 8:30 AM President Obama's Press Secretary Robert Gibbs had inadvertently sent the thing out to his followers, and by 10:00 AM (when Twitter had patched the hole) an estimated 200,000-plus users had been hit. Fortunately, it looks like things are back to normal, which reminds us: @justinbieber hasn't tweeted for over twenty-four hours. We hope he's OK!
