Saturday, April 11, 2009

So Called StalkDaily Worm Hits Twitter

twitter logoAccording to several reports that began coming in earlier this morning there is anew worm on the prowl and its attacking unsuspecting Twitter users.

The worm, dubbed StalkDaily, because it has been reportedly originating from the owners of the website StalkDaily (Note: Do not visit this website, as it may cause your computer to become infected), has been infecting Twitter accounts. Details of how the infection occurs are a bit limited, however it appears as though it is done through adding a javascript into affected accounts. Other than that details are fairly uncertain.

Update- as I was writing this I found more details.
According to a recent
Twitter Status posting the attack was carried out via a cross-site scripting vulnerability. Twitter stated they have taken steps to remove the offending updates, and to close the holes that allowed this “worm” to spread.

What is clear is that once the account has been taken over it is then turned into a bot that spams tweets with links to the StalkDaily website. It is reported that the site can infect your Twitter account even if you do not register or login at the site. So while Twitter has posted that they have closed the hole that allows accounts to spread the worm it may still be possible that the off site attack could work, so users should take caution when clicking off Twitter links!

Mashable and Twittercismis have been advising readers to follow the following steps if they think they have been infected:
  1. In your browser, clear your cache and empty all of your cookies. This can be found in your settings.
  2. Log out of TweetDeck and any other external applications you are using.
  3. On, change your password and ensure that your profile, website, and location have not been changed.
  4. Log back in. It should be okay. If so, log back into TweetDeck et al.
  5. Go back and delete any tweets sent by you recommending StalkDaily. This is important to help stop the spread of the worm.
  6. Report @stalkdaily in a tweet to Twitter’s @spam account as follows: @spam @stalkdaily
For more details about the StalkDaily infection checkout some of the related article below.

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you