Tumblr disrupted by fast-spreading worm

Share this article:

A group of internet "trolls" is behind the spread of an offensive post – a worm which went viral Monday on blogging platform Tumblr, reposting itself on victims' pages and on those of infected visitors.

GNAA, an "anti-blogging" group that in the past has attacked major sites – such as CNN, President Obama's campaign and Wikipedia – claimed responsibility for spreading the worm, which took the form of a verbal tirade that appeared on the Tumblr pages of more than 8,000 users, according to Monday tweets that appear to have been deleted by a group member who sent them. USA Today and Reuters were among the Tumblr pages struck by the worm. 

The trolling group, which goes by an inflammatory name, explained the incident as a “war on bronies” – fans of the television series My Little Pony: Friendship is Magic, according to a release from GNAA. A Tumblr page for fans of the animated show was the target of the attacks, and online publication The Daily Dot was among the first to have its Tumblr page exploited.

The Daily Dot reported on the incident, saying the viral message begins with “Dearest Tumblr users,” before a tirade ensues about the "self-indulgent" and “decadent” ways of Tumblr bloggers.

“The post – an angry rant against Tumblr users – is pure trolling clickbait,” said The Daily Dot article. “Buried in the post is a worm, and clicking it allows the post to propagate to your Tumblr blog, too. Repeat enough times and you have a near Tumblr apocalypse.”

Tumblr said it fixed the security issue as of Monday afternoon EST, according to a spokeswoman who emailed SCMagazine.com. The worm did not appear to inflict any other harm than to spread the inflammatory spam message. Users' accounts were not compromised.

"Engineers have resolved the issue of the viral post attack that affected a few thousand Tumblr blogs earlier today," she said. "If you have viewed this post, please log out of all browsers that may be using Tumblr immediately."

Tumblr did not confirm the nature of the security issue, but BetaBeat suggested the hole permitted the spread of a JavaScript exploit. Users can change their password as an added security measure, and if infected by the worm, delete the offending post by using Tumblr's mass editor feature.

A spokesperson for GNAA told Gawker that it warned Tumblr about the vulnerablity weeks ago, but the company did nothing.

Share this article:

Sign up to our newsletters

More in News

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula mitigates multi-vector DDoS attack lasting longer than ...

Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.

UPS announces breach impacting 51 U.S. locations

The shipping and printing provider said malware has been present on some stores' computer systems since mid-January.

'Machete' espionage campaign targets orgs in Venezuela, Ecuador

The campaign targets Spanish speaking victims, which also appears to be the native language of attackers.