It has not exactly been the best of weekends for Twitter, and for those whose tweeting has been hijacked by not one but two worms it could easily be considered the worst of times.

It all started when people noticed that a lot of their followers seemed to be recommending the same website. OK, so that's not exactly unheard of; after all, a lot of people use Twitter to pass on details of interesting finds to their social network. However, when those recommendations take the rather juvenile form of "Wooo, www-dot-StalkDaily-dot-com :)" or "Dude, www-dot-StalkDaily-dot-com is awesome" then eyebrows start to get raised.

The good thing about Twitter though, well one of the many good things about Twitter, is that news both good and bad spreads really quickly. So when people realised that their update messages were being hijacked to spread this spam, they started posting tweets warning their followers and asking them to spread the word. The author of the StalkDaily worm quickly caught on, and hijacked messages soon started appearing which claimed "Virus!? What? www-dot-StalkDaily-dot-com is legit!"

Actually, what was happening was a typical cross-site scripting attack, in this case spamming links across Twitter without the permission, or in many cases the knowledge, of the users involved.

In his official Twitter blog, founder Biz Stone has confirmed that "a worm took center stage" but adds that "no passwords, phone numbers, or other sensitive information was compromised as part of these attacks."

Stone goes on to admit that, in all, the Twitter team "identified and deleted almost 10,000 tweets that could have continued to spread the worm" and points out that the "support team will have lots of email to go through on Monday so please bear with us and thanks for your patience."

It would appear that just as Twitter was getting to grips with the StalkDaily worm, another cross-site scripting attack took hold. The Mikeyy worm appears to have an agenda of gloating about the success of the first worm. Messages being spammed this time around included the likes of "Twitter really should fix this" and "Mikeyy I am done" as well as "Dud! Mikeyy! Seriously? Haha."

The Mikeyy concerned would appear to be Mikeyy Mooney, a 17 year old who is alleged to have taken responsibility for the StalkDaily worm. According to BNO News, the teenager emailed them to claim that he was behind both worms, and to warn that more could follow. Mikeyy Mooney is the owner of the StalkDaily website at the heart of the first worm's spam messages. BNO News reports that he wrote "I am aware of the attack and yes I am behind this attack" and that it was created in order to "give the developers an insight on the problem and while doing so, promoting myself or my website."

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.
