The miscreants behind the latest assault set up an attack page that exploited a CSRF vulnerability in Twitter so that victims who clicked on a link posted a crude message about their supposed fondness for sex with goats, as explained in a blog post by Sophos here.
Victims included celebrity blogger Robert Scoble, but far fewer people were affected than by the much bigger onMouseOver hack.
Twitter hit by second worm in less than a week
Posted on Monday, September 27 2010 @ 15:56 CEST by Thomas De Maesschalck