Don't Click The WTF Link On Twitter Unless You DO Like Sex With Goats

Either a lot of techies are into really kinky things, or there is a Twitter worm going around. It looks like a ton of people just started sending out Tweets saying “I Like Anal Sex With Goats.” This Tweet is followed by another one that says “WTF” and includes a link. Do NOT click on this link; it appears that it will cause you to send out the same series of Tweets from your account. It looks like this is happening across third-party clients and on Twitter.com.

As commenter Andrew Nacin points out, the bug is called a cross-site request forgery (CSRF): web programming security 101. It should only affect twitter.com, as it relies on an iframe of twitter.com and a little JavaScript to post the tweet form (twice). It seems that if you click the link “http://pastehtml.com/view/1b7xk3b.html” while you are signed into Twitter, it will automatically post two Tweets from your account: the sex with goats bit and the WTF link.
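An added example, not code from the original article or from Twitter: one way a server can refuse the kind of forged post described above, by checking the Origin header and a session-bound token before it accepts a status update. The origin value, function names and request shape are assumptions made for illustration.

```javascript
// Added example with hypothetical names; not Twitter's code.
const crypto = require("crypto");

const TRUSTED_ORIGIN = "https://social.example"; // assumed site origin
const SERVER_KEY = crypto.randomBytes(32);       // per-deployment secret

// Token bound to the session. Another site can make the browser send the
// session cookie, but it cannot read this value out of the real form.
function issueCsrfToken(sessionId) {
  return crypto.createHmac("sha256", SERVER_KEY).update(sessionId).digest("hex");
}

function tokenMatches(sessionId, token) {
  const expected = Buffer.from(issueCsrfToken(sessionId), "hex");
  const given = Buffer.from(typeof token === "string" ? token : "", "hex");
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Decide whether a status-update request may change the account.
function checkStatusPost(req) {
  if (req.method !== "POST") return "reject: method";
  if (!req.sessionId) return "reject: no session";
  const origin = req.headers.origin;
  if (origin !== undefined && origin !== TRUSTED_ORIGIN) return "reject: origin";
  if (!tokenMatches(req.sessionId, req.body.csrfToken)) return "reject: token";
  return "accept";
}

// The page describes the forged post as coming through an iframe of the site,
// so the form page also refuses to be framed by other origins.
function formPageHeaders() {
  return {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
  };
}

// Constructed sample requests (sessionId stands for the cookie the browser attaches).
const sid = "constructed-session-1";
const samples = {
  genuine: { method: "POST", sessionId: sid, headers: { origin: TRUSTED_ORIGIN },
             body: { status: "hello", csrfToken: issueCsrfToken(sid) } },
  forgedCrossSite: { method: "POST", sessionId: sid,
             headers: { origin: "https://other-site.example" }, body: { status: "WTF" } },
  forgedNoOrigin: { method: "POST", sessionId: sid, headers: {}, body: { status: "WTF" } },
};
for (const [name, req] of Object.entries(samples)) console.log(name, "->", checkStatusPost(req));
```

The session cookie alone is never enough here: a request is accepted only when it also carries the token that was issued for that same session.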

UPDATE: Twitter just posted this message on their Status blog, stating “A malicious link is making the rounds that will post a tweet to your account when clicked on. Twitter has disabled the link, and is currently resolving the issue.”

UPDATE 2: Twitter has fixed the exploit and is removing the “offending Tweets.”