Yesterday we reported on the worries Twitter was having with a malicious worm from hacker ‘Mikey’, last night we spottted a site claiming to have interviewed the 17 year old, but not wanting to post due to possible legal reasons. But now it seems one other site was brave enough to take the plunge and supposedly out right call the individual behind the attack.

The Drill Down claimed they think they found Mikey’s contact details, and then proceeded to call him. The phone call (which goes on for over 10 minutes) can be listened to in full over on their site.  Mikey claimed that he had not been in contact with Twitter, and that he did not mean any harm, he merely just wanted to show the vulnerabilities Twitter had.

Thanks to Drill Down for the interview.

Over the weekend Twitter had a load of problems with a malicious site called StalkDaily.com (we recommend you do not visit!). The worm infected thousands of Twitter accounts, and although no real harm was done, for example no passwords were changed, the worm did send out tweets from peoples accounts against their will.

A 17 year old named Mikey Mooney was behind the initial attacks, and admitted to them in the following statement:

“I am the person who coded the XSS which then acted as a worm when it auto updated a users profile and status, which then infected other users who viewed their profile. I did this out of boredom, to be honest. I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website.”

Twitter announced that they had dealt with the problem and all users personal data was safe.

But this morning it seemes a second round of attacks had begun, yet again by the same individual, and even more embarissingly for Twitter, using the same exploit that Twitter claimed they had fixed. This second round of the Twitter worm was yet again posting tweets from people’s accounts, this time saying any of the following:

• Man, Twitter can’t fix sh*t. Mikeyy owns. 
• Dude, Mikeyy is the sh*t! 
• Twitter should really fix this…

Some malicious tweets even suggested that Twitter should hire Mikey.

If you have been effected or want to avoid it, we recommend changing your password, and trying not to visit individuals Twitter profiles for the time being.