Twitter Worm Woes

Over the weekend Twitter had a load of problems with a malicious site called StalkDaily.com (we recommend you do not visit!). The worm infected thousands of Twitter accounts, and although no real harm was done, for example no passwords were changed, the worm did send out tweets from peoples accounts against their will.

A 17 year old named Mikey Mooney was behind the initial attacks, and admitted to them in the following statement:

“I am the person who coded the XSS which then acted as a worm when it auto updated a users profile and status, which then infected other users who viewed their profile. I did this out of boredom, to be honest. I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website.”

Twitter announced that they had dealt with the problem and all users personal data was safe.

But this morning it seemes a second round of attacks had begun, yet again by the same individual, and even more embarissingly for Twitter, using the same exploit that Twitter claimed they had fixed. This second round of the Twitter worm was yet again posting tweets from people’s accounts, this time saying any of the following:

• Man, Twitter can’t fix sh*t. Mikeyy owns. 
• Dude, Mikeyy is the sh*t! 
• Twitter should really fix this…

Some malicious tweets even suggested that Twitter should hire Mikey.

If you have been effected or want to avoid it, we recommend changing your password, and trying not to visit individuals Twitter profiles for the time being.