PRONOVIX


Twitter clickjacking worm

Today I saw the following message in my Twitter timeline:

[Image: update message on Twitter]

First you think, nah won't look at it, but then that final 'a voir absolument'...

So when you follow the TinyURL you land on a very empty page with one button and a hyperlink. When I clicked either of them, I got a clickjacking warning message from NoScript:

[Image: warning message from NoScript]

I searched Twitter for the TinyURL and found about 150 people who have already been clickjacked. It all started 6 days ago; the first person to tweet it was ameliehannover, a novice user. I guess it could have been far more viral if the message had been in English.

That was the first time I was saved by NoScript. So all those wasted seconds whitelisting JS were worth it in the end?

If you got the message in your updates: you can remove it by clicking the garbage icon next to the update on your Twitter account page (e.g. http://twitter.com/kvantomme)


Went checking back today, the update message is now "Don't click". Curious how far this will go.