Twitter worm underscores social-networking vulnerabilities


Twitter was struck by a particularly nasty cross-site scripting worm over the weekend, again bringing to light the threat of client-side attacks across social networking sites.

Four variants of the worm hit Twitter, bringing back memories of the infamous -- and groundbreaking -- Samy worm that snaked through MySpace several years ago.

The Twitter worm spread links to a supposed Twitter copycat site called StalkDaily[dot]com by exploiting a cross-site scripting (XSS) vulnerability and infecting an unknown number of Twitter profiles. Each wave of the worm attacks was more intense than its predecessor, according to a post on the official Twitter blog.

“We secured the accounts that had been compromised and removed any content that might help spread the worm,” Twitter co-founder Biz Stone wrote on the blog. “All told, we identified and deleted almost 10,000 'tweets' [messages] that could have continued to spread the worm.”

The worm's activity seems to have been contained, but there is little guarantee that no threats remain, experts said.

“This may be an open-ended problem,” Andy Hayter, Anti-Malcode program manager at security solutions tester ICSA Labs, told SCMagazineUS.com on Monday. “I don't think we've seen the end of it.”

But overall, the damage so far has been minimal, Stone said in his blog post. No personal information was compromised.

"All the attacks are JavaScript-based, so turn off JavaScript in your browser if you are worried," Hayter said.

Richard Wang, manager of Sophos Labs U.S., recommended Twitter users avoid clicking on untrusted links. He also told SCMagazineUS.com that Twitter can modify its platform so it cannot support malicious code such as this.
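The platform-side fix Wang alludes to is output encoding: a profile field must be rendered as text, not as live markup, before it reaches other users' browsers. The following is an added illustration written for this page, not code from Twitter, Sophos or SC Magazine. It contrasts a rendering routine that interpolates an untrusted profile field directly into HTML with one that encodes it for the context it lands in and validates link values. The field names, the sample bio and the sample URL are constructed for the demo and do not reflect Twitter's real data model.

```python
"""Added example: rendering an untrusted profile field into HTML.

A self-replicating XSS worm depends on user-supplied profile content being
reflected into pages as executable markup. Two renderers are shown: one that
pastes the field in raw (the vulnerable pattern) and one that HTML-encodes it
and restricts link schemes (the hardened pattern). All names and sample values
here are assumptions made for the illustration.
"""
import html
import re

# Constructed sample input: a profile "bio" that carries markup rather than
# plain text, and a link value that must not be emitted as a live href.
SAMPLE_BIO = 'hello <script>alert("worm")</script> world'
SAMPLE_URL = 'javascript:alert(1)'

ALLOWED_SCHEMES = ("http://", "https://")


def sanitize_url(url: str) -> str:
    """Allow only http(s) links; anything else collapses to a harmless anchor."""
    candidate = url.strip()
    if candidate.lower().startswith(ALLOWED_SCHEMES):
        return candidate
    return "#"


def render_profile_unsafe(bio: str, url: str) -> str:
    """Vulnerable pattern: user input is interpolated straight into markup."""
    return f'<div class="bio">{bio}</div><a href="{url}">site</a>'


def render_profile_safe(bio: str, url: str) -> str:
    """Hardened pattern: entity-encode text and attribute values, validate URLs.

    html.escape(quote=True) encodes <, >, &, " and ', which is sufficient for
    both the element body and a double-quoted attribute value used here.
    """
    safe_bio = html.escape(bio, quote=True)
    safe_url = html.escape(sanitize_url(url), quote=True)
    return f'<div class="bio">{safe_bio}</div><a href="{safe_url}">site</a>'


# Matches the start of an HTML tag (opening or closing) in rendered output.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z]")


def contains_live_markup(rendered: str) -> bool:
    """True if the output carries more tags than the empty template alone.

    The baseline is the template rendered with empty user fields; any extra
    tag in the output therefore came from user-controlled content.
    """
    baseline = render_profile_safe("", "https://example.invalid")
    return len(TAG_RE.findall(rendered)) > len(TAG_RE.findall(baseline))


if __name__ == "__main__":
    for name, renderer in (("unsafe", render_profile_unsafe),
                           ("safe", render_profile_safe)):
        out = renderer(SAMPLE_BIO, SAMPLE_URL)
        print(f"{name}: live markup from user input = {contains_live_markup(out)}")
        print("  ", out)
```

The check in `contains_live_markup` is deliberately a coarse detection aid for the demo, not a sanitizer: the actual defence is that `render_profile_safe` never lets user text reach the page unencoded. Encoding must match the output context; the same text placed inside a `<script>` block or a URL query would need JavaScript or URL encoding instead of HTML entities.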

Stone wrote: “We are still reviewing all the details, cleaning up, and we remain on alert.”

According to published reports, a 17-year-old Brooklyn, N.Y. boy has taken responsibility for the attack. Michael "Mikeyy" Mooney said he devised the malware out of boredom and to prove how vulnerable Twitter is.

Stone likened the attack to one perpetrated by Samy Kamkar, who, in 2005 when he was 19, unleashed a similar self-replicating XSS worm across MySpace that was believed to be the first of its kind. The worm was benign but enabled Kamkar to attain more than one million "friends" in 24 hours. He was later sentenced to three years' probation and ordered to serve 90 days of community service.
