There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
General Security
Tag Cloud
access acer asus bios bsod computer crash driver drivers error ethernet excel freeze gaming google gpu hard drive hardware hdmi internet laptop malware memory missing monitor motherboard network operating system printer problem ram registry router slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > General Security >
Worm infiltrates Twitter

Reply  
Thread Tools
lotuseclat79's Avatar
Distinguished Member with 21,345 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
12-Apr-2009, 09:17 AM #1
Worm infiltrates Twitter
Worm infiltrates Twitter.

A worm apparently infected Twitter on Saturday.

The worm may originate with the StalkDaily.com site, and Twitter warned people against visiting the site or linking to it.

"If you have been locked out of your acct due to the StalkDaily issue, pls do a p/w reset; we may have reset your p/w for safety," Twitter informed its users on Saturday afternoon.


-- Tom

P.S. Twitter worm outbreak over Easter.
__________________
The independence created by philosophical insight is - in my opinion - the mark of distinction
between a mere artisan or specialist and a real seeker after truth. - Einstein 1944
Imagination is more important than knowledge. - Einstein

Last edited by lotuseclat79; 12-Apr-2009 at 09:24 AM..
SIR****TMG's Avatar
Computer Specs
Distinguished Member with 47,676 posts.
 
Join Date: Aug 2003
Location: Corn Fields of OHIO
Experience: Einstein Jr. Indeed
12-Apr-2009, 11:16 AM #2
Thanks
Jason08's Avatar
Computer Specs
Distinguished Member with 3,717 posts.
 
Join Date: Oct 2008
Location: Near Washington, D.C.
Experience: Advanced in Networking
12-Apr-2009, 05:52 PM #3
Thanks for posting it.
imrui's Avatar
Computer Specs
Member with 32 posts.
 
Join Date: Apr 2009
Location: My House
Experience: Advanced
13-Apr-2009, 02:52 AM #4
As far as I know, and what I observed, it is caused by a XSS(Cross Site Scripting) vulnerability, and it doesn't affect sensitive informations such as passwords. The hole is on the color boxes, and many(if not, few) people already exploited this and used it in different manners.
lotuseclat79's Avatar
Distinguished Member with 21,345 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
13-Apr-2009, 09:18 AM #5
Ongoing problems at Twitter.

Twitter administrators don't seem to be able to shut down the various XSS / CSRF worms that have been plaguing the service over the weekend. Latest round of worms just started minutes ago. Apparently this run was started by a freshly registered user called cleaningUpMikey:

If you clicked on the name or the image of the person sending the message, you would get infected as well and would send the same message - and anyone viewing your profile would do the same.

We can't confirm whether "Mikeyy" is really behind these attacks. We can't confirm the above phone number either. However, it was likely picked up from this page from a social networking site:

For now, don't view profiles in Twitter.

Updated to add:

A quick look at another incarnation of the same worm. This one was interesting, as it was using bit.ly redirector in the messages.

Infected users were sending Tweets like this: "How TO remove new Mikeyy worm! RT!! http://bit.ly/yCL1S"

A message like this is particularily nasty, as there were plenty of re-tweets of this malicious message sent by genuine users.

The bit.ly link got redirected back to Twitter, to user reberbrerber's profile. Which would infect Twitter users who would view it.

-- Tom
__________________
The independence created by philosophical insight is - in my opinion - the mark of distinction
between a mere artisan or specialist and a real seeker after truth. - Einstein 1944
Imagination is more important than knowledge. - Einstein
lotuseclat79's Avatar
Distinguished Member with 21,345 posts.
 
Join Date: Sep 2003
Location: -71.45091, 42.27841
13-Apr-2009, 10:36 AM #6
Jason08's Avatar
Computer Specs
Distinguished Member with 3,717 posts.
 
Join Date: Oct 2008
Location: Near Washington, D.C.
Experience: Advanced in Networking
13-Apr-2009, 02:02 PM #7
I wonder how this will affect many websites that use Twitter.
imrui's Avatar
Computer Specs
Member with 32 posts.
 
Join Date: Apr 2009
Location: My House
Experience: Advanced
13-Apr-2009, 09:49 PM #8
Jason, no it wont..

The vulnerability is on the twitter webpages, so the worm only stays there..
Jason08's Avatar
Computer Specs
Distinguished Member with 3,717 posts.
 
Join Date: Oct 2008
Location: Near Washington, D.C.
Experience: Advanced in Networking
14-Apr-2009, 04:15 PM #9
Ok, but I guess when a company has a twitter page, then that www.twiterpage.com/companyname would be affected.
Blackmirror's Avatar
Computer Specs
Distinguished Member with 32,577 posts.
 
Join Date: Dec 2006
Location: uk
Experience: Away with the fairies :)
14-Apr-2009, 04:54 PM #10
I am so glad i dont Twitter
Jason08's Avatar
Computer Specs
Distinguished Member with 3,717 posts.
 
Join Date: Oct 2008
Location: Near Washington, D.C.
Experience: Advanced in Networking
14-Apr-2009, 10:34 PM #11
Me too. I visited it once because a company's website I go to has a Twitter page, but I never signed up at it, and haven't gone back since then (couple weeks ago.)
Reply

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Thread Tools



Facebook Facebook Twitter Twitter TechGuy.tv TechGuy.tv Mobile TSG Mobile
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 09:31 AM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

Powered by Cermak Technologies, Inc.