Hacker News
by MichaelAza 4653 days ago
The flow of a (possible) attack is something like this:

1. User configures browser to automatically start torrent downloads when a ".torrent" link is clicked

2. User clicks tweet button which leads to a torrent file

3. The file is downloaded and opened in a torrent client

At this point, one could imagine a specifically crafted torrent file which exploits some vulnerability of the torrent client to gain (say) arbitrary code execution and now the user is, to use a mild term, screwed.

This attack could be used by any malicious site, really, but it's easier to get people to click a tweet button rather than some link on some site and besides, by performing the attack this way the attacker would infect a sizable chunk of all internet sites (any site that uses the tweet button).

2 comments

One could also imagine a specially crafted image file which exploits some vulnerability of the graphics library to gain arbitrary code execution. Then you just need the user to look at the twitter button.
True, though I'd think it would be easier to exploit a torrent client than a browser.
That attack vector has nothing to do with Twitter.
Did I imply it had something to do with twitter?

When this conjecture was posted I assumed someone hijacked a CDN used by twitter and used the tweet button as an attack vector by making it redirect to a torrent file.

I'm not saying twitter is trying to infect its users or something. In all probability, it's just a configuration screw-up and not an attack but (for all we know) it could be.