Saturday, April 18, 2009

Twitter Worm Writer Gets A New Gig

Michael Mooney the teen that has come forth to take credit for the StalkDaily worm that has plagued Twitter over the past week has found himself a new job building of all things applications for businesses.

Mikeyy told BNO News last week that he created the XSS worm StalkDaily out of boredom and to promote himself and his website. Well Mikeyy it looks like your plan has worked. Travis Rowland the CEO of exqSoft Solutions LLC reportedly spotted Mikeyy's work in Twitter and contacted the teenager. He has offered him a new gig as a programmer doing custom Web application development, primarily geared toward businesses.

Rowland has also confirmed that they'd be putting Mooney to work checking security of their current and future applications as "security analysis for us". He'll be making sure exqSoft's applications are as secure as they can be.

Shortly after hiring new of the hiring Rowland Tweeted Biz Stone asking him not to take legal action against the new employee. Its unclear were Stone stands on that issue but recent actions might have sway him away from any sort of lenience as the newest variant of Mikeyy has been spamming Twitter with links to the exqSoft Solutions website.

Rowland has denied claims that the new worm is acting on their behalf. Tweeting two post:

Was just informed new Mikeyy is spamming my website all over Twitter, I did not ask him to do that and can't get a hold of him right now. (link)

We did hire him, but we have nothing to do with the current Mikeyy variant. (link)

While Rowland doesn't see Mooney's actions as "malicous" and goes so far as to blame Twitter for not adequately protecting its site at least one security researcher has spoken out against the recent hiring.

Graham Cluley, a senior technology consultant with security firm Sophos told that he feels Mooney should not be rewarded for behaving irresponsibly. "The teen not only wasted the time of thousands of Twitter users and company engineers," Cluley said, "but put Twitterers at risk of having their identities stolen or malware installed on their machines by financially-motivated hackers who could have used the cross-site scripting flaw that Mooney used."

Cluley's remarks in his Dark Reading blog echo many of my sentiments on the issue. There he writes, "In my opinion, ExqSoft Solutions were utterly irresponsible in offering Mooney the job and publicizing his acceptance, less than a week after the first wave of attacks. The last thing we want is a a legion of other kids exploiting software and websites, in the hope that they might be rewarded with a job offer."

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you