Sunday, April 12, 2009

Someone Opened A Can Of Worms At Twitter

Shortly after Saturday's report of the StalkDaily worm hitting Twitter, and Twitter's subsequent announcement that they had closed the hole the worm was using, Twitter posted confirmation of yet another worm.

The new "Mikeyy" XSS worm used the same cross-site scripting hack as the previous StalkDaily worm and spread in a similar fashion. According to Twitter, about 200 accounts in all had been infected, sending out about 10k tweets in all. These malicious tweets contained links to an off-Twitter site that was used to propagate the bad code.

Twitter says they will remain on high alert throughout the weekend reviewing all the details of the attack, cleaning up the malicious tweets and evaluating their coding for any further holes.

In the meantime, BNO News has been reporting that a teenager, Mikeyy Mooney, has come forward and claimed responsibility for the creation of both worms.

According to their first report, Mooney created the StalkDaily worm from "boredom" and because he "needed a way to make money." He used the worm and the links posted to drive traffic to his own site. According to BNO News and their follow-up post, the second worm, which used the same coding, was created by Mooney to "give the developers an insight on the problem and while doing so, promoting myself or my website."

Mooney warns that there might be more attacks on the way, meaning it might be a long weekend for the Twitter staff and those of us that use the site.

Users should take care to avoid being a part of the attacks. Don't blindly click links, even if they come from trusted sources. As always, you shouldn't blindly retweet something you haven't checked for yourself first. For the time being you can disable JavaScript or use Firefox with the NoScript add-on.

If you have been affected by Mikeyy or StalkDaily, you should:
  1. Temporarily turn off JavaScript.
  2. Clear your browser cookies and cache.
  3. Log into Twitter and check for anything suspicious, particularly in the URL or location. If there's anything there, delete it fully and replace it with your actual URL and location.
  4. Re-enable JavaScript and check the Design section of your Twitter profile to make sure there are no changes to your profile colors. If there are, delete these too and replace them with whatever colors you want.
  5. Delete unwanted Tweets, specifically anything containing Mikeyy or StalkDaily or anything you don't remember tweeting.
  6. Reset your Twitter password.
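
The checks in steps 3 to 5 can also be written as an allowlist audit, shown here as an added example that is not Twitter's code or part of the original post. The profile object shape and its field names (`url`, `location`, `colors`, `tweets`) are hypothetical, and the sample profiles are constructed.

```javascript
// Added example: flag profile fields that are not the plain values they
// should be, so they can be deleted and re-entered as the steps above describe.
// Field names are hypothetical; this is not Twitter's API.

const HEX_COLOR = /^#?(?:[0-9a-f]{3}|[0-9a-f]{6})$/i; // colors are hex only
const URL_BAD_CHARS = /[<>"'\s]/;   // never needed in a plain profile URL
const TEXT_BAD_CHARS = /[<>"]/;     // markup characters in a location string
const WORM_NAMES = /mikeyy|stalkdaily/i; // names the post says to look for

function isPlainWebUrl(value) {
  if (URL_BAD_CHARS.test(value)) return false;
  try {
    const parsed = new URL(value);
    // Allowlist the scheme; anything other than http(s) is rejected.
    return parsed.protocol === "http:" || parsed.protocol === "https:";
  } catch {
    return false; // not parseable as an absolute URL
  }
}

// Returns the names of the fields that should be cleared and re-entered.
function auditProfile(profile) {
  const findings = [];
  if (profile.url && !isPlainWebUrl(profile.url)) findings.push("url");
  if (profile.location && TEXT_BAD_CHARS.test(profile.location)) {
    findings.push("location");
  }
  for (const [name, value] of Object.entries(profile.colors || {})) {
    if (!HEX_COLOR.test(value)) findings.push(`colors.${name}`);
  }
  (profile.tweets || []).forEach((text, i) => {
    if (WORM_NAMES.test(text)) findings.push(`tweets[${i}]`);
  });
  return findings;
}

// Constructed sample profiles (not real account data).
const CLEAN_PROFILE = {
  url: "https://example.com/me", location: "Portland, OR",
  colors: { background: "#9ae4e8", text: "333" }, tweets: ["Lunch was good"],
};
const SUSPECT_PROFILE = {
  url: 'http://example.invalid/"><x', location: "Portland <b>",
  colors: { background: "9ae4e8", link: 'fff" x="' },
  tweets: ["hello", "Mikeyy was here"],
};

console.log(auditProfile(CLEAN_PROFILE), auditProfile(SUSPECT_PROFILE));
```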

Mashable recommends using Twitter via a desktop client like TweetDeck or Seesmic Desktop, rather than on the web. The thinking behind this is that the JavaScript exploit won't work via the desktop clients. I can't confirm that and wouldn't rely on that as a line of defense. Your best bet would be erring on the side of caution and staying off suspicious profiles, not clicking off-site links and running Firefox with NoScript.

Update - 4/13 - As of early Monday morning Twitter had yet to find a resolution to the issue, and Mikeyy version 4 was seen spreading through the system. Twitter Status shows that as of 8 hrs ago (2am PST) they were working to solve the problem, and approximately 6 hrs ago Twitter posted to @Spam that they believed they had a resolution. Considering they thought they had a resolution to the issue on Saturday, I'll be on wait-and-see status to see if they actually got it fixed.

1 comment:

  1. Sanders, 6:28 AM

    That's *erring* on the side of caution :) Cheers for info

