Sometime yesterday, the worm began compromising the accounts of people who clicked on a link to a video on the juste.ru domain. These zombified accounts were then used to post another link to the video. “Best Video: http://juste.ru/?…” tweets began to spread across the twittersphere.

It appears that, unlike previous Twitter worms, this one doesn’t work off cross-site scripting (XSS) but instead installs some sort of malware that harvests your account credentials. It also appears able to grab Facebook login information, and it has begun to propagate on that network too.

Suffice it to say, the only way to stay safe is to be careful about clicking on shortened URLs (there are handy tools to preview where a short URL leads before surfing to it) and to avoid landing on the juste.ru domain at all. Of course, this is only a stopgap measure, since new malicious domains and new malware will appear as soon as one site is shut down.
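To show what such a preview tool actually does, here is an added example (not code from the original post or from any of the preview services it alludes to): it resolves a short link's redirect chain hop by hop with HEAD requests that are never auto-followed, so no page body, script or download is ever fetched, and it stops before touching any hop whose host is on a blocklist. The `transport` hook, the blocklist contents and the canned redirect table are assumptions constructed here so the resolver can be exercised offline; only juste.ru comes from the post.

```python
"""Preview where a shortened link leads without visiting it in a browser."""
import http.client
from urllib.parse import urljoin, urlsplit

BLOCKLIST = {"juste.ru"}       # constructed; juste.ru is the domain named in the post
REDIRECTS = {301, 302, 303, 307, 308}
MAX_HOPS = 10


def host_blocked(url, blocklist=BLOCKLIST):
    """True if the URL's host is a blocklisted domain or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in blocklist)


def live_head(url, timeout=5):
    """One HEAD request with redirects NOT followed. Returns (status, Location or None).

    Note: some redirectors answer HEAD differently from GET, so a live preview
    is advisory, never proof that the final page is safe.
    """
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.hostname, p.port, timeout=timeout)
    try:
        path = (p.path or "/") + ("?" + p.query if p.query else "")
        conn.request("HEAD", path, headers={"User-Agent": "link-preview/0.1"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def resolve_chain(url, transport=live_head, blocklist=BLOCKLIST, max_hops=MAX_HOPS):
    """Walk the redirect chain manually. Returns (hops_visited, verdict).

    verdict is one of: "blocked" (a hop lands on the blocklist; that hop is
    recorded but never requested), "clean" (chain ended), "loop", "too-many-hops".
    """
    hops, seen = [url], {url}
    for _ in range(max_hops):
        current = hops[-1]
        if host_blocked(current, blocklist):
            return hops, "blocked"
        status, location = transport(current)
        if status not in REDIRECTS or not location:
            return hops, "clean"
        nxt = urljoin(current, location)      # Location may be relative
        if nxt in seen:
            return hops, "loop"
        hops.append(nxt)
        seen.add(nxt)
    return hops, "too-many-hops"


# Constructed offline stand-in for live_head: URL -> (status, Location header).
CANNED = {
    "http://short.example/abc":  (301, "http://juste.ru/?video=1"),   # the worm's pattern
    "http://short.example/def":  (302, "/watch"),                     # relative redirect
    "http://short.example/watch": (301, "http://example.com/watch"),
    "http://example.com/watch":  (200, None),
    "http://short.example/loop": (302, "http://short.example/loop2"),
    "http://short.example/loop2": (302, "http://short.example/loop"),
}


def canned_transport(url):
    return CANNED.get(url, (404, None))


if __name__ == "__main__":
    for start in ("http://short.example/abc", "http://short.example/def",
                  "http://short.example/loop", "http://www.juste.ru/x"):
        hops, verdict = resolve_chain(start, transport=canned_transport)
        print(f"{verdict:14s} {' -> '.join(hops)}")
```

Run it as-is to see the canned chains; pass a real short URL to `resolve_chain` with the default `transport` to preview a live link. Only the last hop before a blocked domain is ever contacted, so the preview itself never "lands" on juste.ru.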

Avoiding the Twitter web interface in favor of a standalone client is a nice safeguard against XSS attacks and may even have been helpful in this situation. Perusing a random sampling of the compromised accounts, the vast majority seemed to do most of their tweeting from the web interface, underscoring Twitter’s continued vulnerability in the face of these constant exploits.

Since this is happening with such frequency, we might as well coin YATW (Yet Another Twitter Worm) and use that going forward.

Twitter has already begun temporarily suspending the compromised accounts, deleting the offending posts, and returning the accounts to their proper owners.

(via TechCrunch and Mashable)