The extracted code is this:
We can extract useful strings from the above code:
To activate the code, you need to move your mouse pointer over a link.
When you move your mouse pointer over a link and you are logged into your Twitter account, your account will post a new RT (ReTweet) that points to a link to the Twitter account of the user “Matsta”, as seen in this picture:
If you have the suspicious retweets in your Twitter account, you can simply log in to Twitter later, when the XSS has been fixed, and remove the unwanted retweets manually.
21/09/2010 @ 15:35 PM GMT+1 = XSS Worm is still live
21/09/2010 @ 16:20 PM GMT+1 = PROBLEM HAS BEEN FIXED
The XSS attack should now be fully patched and no longer exploitable.
I would advise anyone who used Twitter during the XSS attack to change their password to a stronger password.