Mourning the loss of our friend, WhitPhil.
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
 
General Security
Tag Cloud
access audio black screen blue screen boot bsod connection crash dell desktop drivers dvd email error excel excel 2003 firefox hard drive hardware hijackthis internet keyboard laptop malware monitor motherboard network networking outlook problem processor ram recovery router safe mode screen slow sound spyware tdlwsp.dll trojan video virus vista vundo windows windows 7 windows vista windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > General Security >
Worm infiltrates Twitter

Tip: Click here to scan for System Errors and Optimize PC performance
[ Sponsored Link ]

Closed Thread
 
Thread Tools
lotuseclat79's Avatar
Distinguished Member with 14,988 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
12-Apr-2009, 08:17 AM #1
Worm infiltrates Twitter
Worm infiltrates Twitter.

A worm apparently infected Twitter on Saturday.

The worm may originate with the StalkDaily.com site, and Twitter warned people against visiting the site or linking to it.

"If you have been locked out of your acct due to the StalkDaily issue, pls do a p/w reset; we may have reset your p/w for safety," Twitter informed its users on Saturday afternoon.


-- Tom

P.S. Twitter worm outbreak over Easter.
__________________
The independence created by philosophical insight is - in my opinion - the mark of distinction
between a mere artisan or specialist and a real seeker after truth. - Einstein 1944
Imagination is more important than knowledge. - Einstein

Last edited by lotuseclat79 : 12-Apr-2009 08:24 AM.
SIR****TMG's Avatar
Computer Specs
Distinguished Member with 37,126 posts.
 
Join Date: Aug 2003
Location: Corn Fields of OHIO
Experience: Einstein Jr. Indeed
12-Apr-2009, 10:16 AM #2
Thanks
Jason08's Avatar
Jason08 has a Photo Album
Computer Specs
Distinguished Member with 3,622 posts.
 
Join Date: Oct 2008
Location: Near Washington, D.C.
Experience: Advanced in Networking
12-Apr-2009, 04:52 PM #3
Thanks for posting it.
imrui's Avatar
Computer Specs
Junior Member with 29 posts.
 
Join Date: Apr 2009
Location: My House
Experience: Advanced
13-Apr-2009, 01:52 AM #4
As far as I know, and what I observed, it is caused by a XSS(Cross Site Scripting) vulnerability, and it doesn't affect sensitive informations such as passwords. The hole is on the color boxes, and many(if not, few) people already exploited this and used it in different manners.
lotuseclat79's Avatar
Distinguished Member with 14,988 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
13-Apr-2009, 08:18 AM #5
Ongoing problems at Twitter.

Twitter administrators don't seem to be able to shut down the various XSS / CSRF worms that have been plaguing the service over the weekend. Latest round of worms just started minutes ago. Apparently this run was started by a freshly registered user called cleaningUpMikey:

If you clicked on the name or the image of the person sending the message, you would get infected as well and would send the same message - and anyone viewing your profile would do the same.

We can't confirm whether "Mikeyy" is really behind these attacks. We can't confirm the above phone number either. However, it was likely picked up from this page from a social networking site:

For now, don't view profiles in Twitter.

Updated to add:

A quick look at another incarnation of the same worm. This one was interesting, as it was using bit.ly redirector in the messages.

Infected users were sending Tweets like this: "How TO remove new Mikeyy worm! RT!! http://bit.ly/yCL1S"

A message like this is particularily nasty, as there were plenty of re-tweets of this malicious message sent by genuine users.

The bit.ly link got redirected back to Twitter, to user reberbrerber's profile. Which would infect Twitter users who would view it.

-- Tom
__________________
The independence created by philosophical insight is - in my opinion - the mark of distinction
between a mere artisan or specialist and a real seeker after truth. - Einstein 1944
Imagination is more important than knowledge. - Einstein
lotuseclat79's Avatar
Distinguished Member with 14,988 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
13-Apr-2009, 09:36 AM #6
Jason08's Avatar
Jason08 has a Photo Album
Computer Specs
Distinguished Member with 3,622 posts.
 
Join Date: Oct 2008
Location: Near Washington, D.C.
Experience: Advanced in Networking
13-Apr-2009, 01:02 PM #7
I wonder how this will affect many websites that use Twitter.
imrui's Avatar
Computer Specs
Junior Member with 29 posts.
 
Join Date: Apr 2009
Location: My House
Experience: Advanced
13-Apr-2009, 08:49 PM #8
Jason, no it wont..

The vulnerability is on the twitter webpages, so the worm only stays there..
Jason08's Avatar
Jason08 has a Photo Album
Computer Specs
Distinguished Member with 3,622 posts.
 
Join Date: Oct 2008
Location: Near Washington, D.C.
Experience: Advanced in Networking
14-Apr-2009, 03:15 PM #9
Ok, but I guess when a company has a twitter page, then that www.twiterpage.com/companyname would be affected.
Blackmirror's Avatar
Computer Specs
Distinguished Member with 28,046 posts.
 
Join Date: Dec 2006
Location: uk
Experience: Chocoholic
14-Apr-2009, 03:54 PM #10
I am so glad i dont Twitter
Jason08's Avatar
Jason08 has a Photo Album
Computer Specs
Distinguished Member with 3,622 posts.
 
Join Date: Oct 2008
Location: Near Washington, D.C.
Experience: Advanced in Networking
14-Apr-2009, 09:34 PM #11
Me too. I visited it once because a company's website I go to has a Twitter page, but I never signed up at it, and haven't gone back since then (couple weeks ago.)
Closed Thread Bookmark and Share

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Smart Search

Find your solution!



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.

Thread Tools


You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 01:14 PM.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.
Powered by Cermak Technologies, Inc.