Malware, Vulnerability Management

Tumblr disrupted by fast-spreading worm

A group of internet "trolls" is behind the spread of an offensive post – a worm which went viral Monday on blogging platform Tumblr, reposting itself on victims' pages and on those of infected visitors.

GNAA, an "anti-blogging" group that in the past has attacked major sites – such as CNN, President Obama's campaign and Wikipedia – claimed responsibility for spreading the worm, which took the form of a verbal tirade that appeared on the Tumblr pages of more than 8,000 users, according to Monday tweets that appear to have been deleted by a group member who sent them. USA Today and Reuters were among the Tumblr pages struck by the worm. 

The trolling group, which goes by an inflammatory name, explained the incident as a “war on bronies” – fans of the television series My Little Pony: Friendship is Magic, according to a release from GNAA. A Tumblr page for fans of the animated show was the target of the attacks, and online publication The Daily Dot was among the first to have its Tumblr page exploited.

The Daily Dot reported on the incident, saying the viral message begins with “Dearest Tumblr users,” before a tirade ensues about the "self-indulgent" and “decadent” ways of Tumblr bloggers.

“The post – an angry rant against Tumblr users – is pure trolling clickbait,” said The Daily Dot article. “Buried in the post is a worm, and clicking it allows the post to propagate to your Tumblr blog, too. Repeat enough times and you have a near Tumblr apocalypse.”

Tumblr said it fixed the security issue as of Monday afternoon EST, according to a spokeswoman who emailed The worm did not appear to inflict any other harm than to spread the inflammatory spam message. Users' accounts were not compromised.

"Engineers have resolved the issue of the viral post attack that affected a few thousand Tumblr blogs earlier today," she said. "If you have viewed this post, please log out of all browsers that may be using Tumblr immediately."

Tumblr did not confirm the nature of the security issue, but BetaBeat suggested the hole permitted the spread of a JavaScript exploit. Users can change their password as an added security measure, and if infected by the worm, delete the offending post by using Tumblr's mass editor feature.

A spokesperson for GNAA told Gawker that it warned Tumblr about the vulnerablity weeks ago, but the company did nothing.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.