Bug appeared Tuesday morning and experts quickly noticed users taking advantage of the flaw. Details of the bug are slim right now, though experts say that mousing over a specific link will produce a pop-up window that displays the logged-in user s Twitter cookie. The attack later incorporated a cross-site request forgery component that forced users to retweet a piece of code. By about 10 AM EDT on Tuesday, the worm was slowing down, as Twitter’s team caught up and closed the vulnerability.
Source: https://threatpost.com/persistent-xss-bug-twitter-exploited-worm-092110/74496/

