Don’t Click!
Yesterday, an interesting worm spread through Twitter. Thousands of people started tweeting “Don’t Click:” with a link attached. Click on that link, and it posted a tweet from your account to all your friends, with the same message.
Sunlight Labs did the initial analysis:
Huzzah! the first twitter social virus!
It seems mostly harmless, just perpetuating itself and breeding. You can check out the graph of its use here:
Here’s how it works:
You can actually link to Twitter and auto-fill a message box quite easily. All you have to do is write a link like this:
“http://twitter.com/home?status=Sunlight Labs post on Don’t Click:http://bit.ly/kj1z9”. What this “virus” does is, it creates an iframe of the page, hides it, and when you click that button and you’re logged into Twitter, it makes you post that message (even though you don’t see it). There’s not a bit of JavaScript involved. The only JavaScript on the page is their Google Analytics code.
So, this “social virus” simply created an invisible page that overlaid the page you *thought* you were clicking, and it essentially forces your browser to push out a link.
The fact that no scripting was involved, and that your password wasn’t needed at all for this little trick, means it was basically harmless, from a security and privacy perspective.
Many people on Twitter remarked how the way this “virus” spread demonstrated the “power of social networking.” But that’s not true — just the opposite.
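The hidden-iframe overlay described above depends on the target page allowing itself to be rendered inside a frame on another site. As an added example (not part of the original post or of the Sunlight Labs analysis), this JavaScript checks a response's `X-Frame-Options` and CSP `frame-ancestors` headers for that; the function names and the lowercase-keyed `headers` object are assumptions.

```javascript
// Added example, not from the original post. `headers` is assumed to be a plain
// object with lowercase header names, as Node's http module provides them.

// frame-ancestors sources that admit any host: "*", "https://*", "*:443", or a bare "https:".
const OPEN_SOURCE = /^(?:[a-z][a-z0-9+.-]*:\/\/)?\*(?::(?:\d+|\*))?$|^[a-z][a-z0-9+.-]*:$/i;

// Collect the frame-ancestors source list of every policy in the header value.
function frameAncestorLists(cspValue) {
  const lists = [];
  for (const policy of cspValue.split(',')) {        // commas separate policies
    for (const directive of policy.split(';')) {     // semicolons separate directives
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() === 'frame-ancestors') {
        lists.push(sources);
        break;                                       // a repeated directive is ignored
      }
    }
  }
  return lists;
}

// Could a page on an arbitrary third-party site render this response in an iframe?
function framingVerdict(headers) {
  const lists = frameAncestorLists(headers['content-security-policy'] || '');
  if (lists.length > 0) {
    // Browsers ignore X-Frame-Options once an enforced policy has frame-ancestors.
    // Every policy must admit the embedder, so one restrictive list is enough.
    const open = lists.every((srcs) => srcs.some((s) => OPEN_SOURCE.test(s)));
    return { frameableByAnySite: open, decidedBy: 'frame-ancestors' };
  }
  const raw = headers['x-frame-options'];
  if (raw === undefined) return { frameableByAnySite: true, decidedBy: 'none' };
  const xfo = new Set(raw.split(',').map((v) => v.trim().toLowerCase()));
  // Several different values that include a known keyword conflict, and the load is blocked.
  const conflict = xfo.size > 1 && ['deny', 'sameorigin', 'allowall'].some((v) => xfo.has(v));
  // ALLOW-FROM and unknown tokens are not enforced by current browsers.
  const blocked = conflict || (xfo.size === 1 && (xfo.has('deny') || xfo.has('sameorigin')));
  return { frameableByAnySite: !blocked, decidedBy: 'x-frame-options' };
}

// Constructed sample responses, for illustration only.
const samples = [
  {},
  { 'x-frame-options': 'ALLOW-FROM https://example.com' },
  { 'x-frame-options': 'SAMEORIGIN' },
  { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
];
for (const h of samples) console.log(JSON.stringify(h), framingVerdict(h));
```

A response with neither header, or with only the obsolete `ALLOW-FROM` value, comes back as frameable by any site, which is the condition the overlay relies on.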
It demonstrated the frailty of social networking. It has exposed what is always the weakest link in any system — the human factor.
The spread of this “social virus” relied on the trust we all place in our online friends. When someone you know and trust says “Don’t Click,” you assume it’s a joke they are playing (like you’re going to get rickrolled), and so you go ahead and click on it. The fact that many of your friends started posting the “don’t click” message on Twitter simply meant that everyone else was in on the joke, and you had to find out what it was all about.
Social networking sites and programs rely on the fact that we all trust each other. This same trust we place in each other is also the way social networking sites and programs can be exploited.




