The new "Mikeyy" XSS worm used the same cross site scripting hack as the previous StalkDaily worm and spreads in the same similar fashion. According to Twitter about 200 accounts in all had been infected , sending out about 10k tweets in all. These malicious tweets contained links to an off Twitter site that was used to propagate the bad code.
Twitter says they will remain on high alert throughout the weekend reviewing all the details of the attack, cleaning up the malicious tweets and evaluating their coding for any further holes.
In the mean time BNO News has been reporting that a teenager, Mikeyy Mooney, has come forward and claimed responsibility for the creation of both worms.
According to their first report Mooney created the StalkDaily worm from “boredom” and because he “needed a way to make money." He used the worm and the links posted to drive traffic to his own site. According to BNO News and their follow up post the second worm, which used the same coding, was created by Mooney to "give the developers an insight on the problem and while doing so, promoting myself or my website."
Mooney warns that there might be more attacks on the way, meaning it might be a long weekend for the Twitter staff and those of us that use the site.
If you have been affected by Mikeyy or StalkDaily, you should:
- Clear your browser cookies and cache
- Log into Twitter and check for anything suspicious, particularly in the URL or location. If there’s anything there, delete it fully and replace with your actual URL and location.
- Delete unwanted Tweets, specifically anything containing Mikeyy or StalkDaily or anything you don't remember tweeting
- Reset your Twitter password.
Update -4/13 - As of early Monday morning Twitter had yet to find a resolution to the issue and Mikeyy version 4 was seen spreading through the system. Twitter Status shows that as of 8hrs (2am pst) they were working to solve the problem and approximately 6hrs ago Twitter posted to @Spam that they believed they had a resolution. Considering they thought they had a resolution to the issue on Sat. I'll be on wait and see status to see if they actually got it fixed.