[lotuseclat79]

Worm infiltrates Twitter.

A worm apparently infected Twitter on Saturday.

The worm may originate with the StalkDaily.com site, and Twitter warned people against visiting the site or linking to it.

"If you have been locked out of your acct due to the StalkDaily issue, pls do a p/w reset; we may have reset your p/w for safety," Twitter informed its users on Saturday afternoon.

-- Tom

P.S. Twitter worm outbreak over Easter.

[SIR****TMG]

Thanks

[Jason08]

Thanks for posting it.

[imrui]

As far as I know, and what I observed, it is caused by a XSS(Cross Site Scripting) vulnerability, and it doesn't affect sensitive informations such as passwords. The hole is on the color boxes, and many(if not, few) people already exploited this and used it in different manners.

[lotuseclat79]

Ongoing problems at Twitter.

Twitter administrators don't seem to be able to shut down the various XSS / CSRF worms that have been plaguing the service over the weekend. Latest round of worms just started minutes ago. Apparently this run was started by a freshly registered user called cleaningUpMikey:

If you clicked on the name or the image of the person sending the message, you would get infected as well and would send the same message - and anyone viewing your profile would do the same.

We can't confirm whether "Mikeyy" is really behind these attacks. We can't confirm the above phone number either. However, it was likely picked up from this page from a social networking site:

For now, don't view profiles in Twitter.

Updated to add:

A quick look at another incarnation of the same worm. This one was interesting, as it was using bit.ly redirector in the messages.

Infected users were sending Tweets like this: "How TO remove new Mikeyy worm! RT!! http://bit.ly/yCL1S"

A message like this is particularily nasty, as there were plenty of re-tweets of this malicious message sent by genuine users.

The bit.ly link got redirected back to Twitter, to user reberbrerber's profile. Which would infect Twitter users who would view it.

-- Tom

[lotuseclat79]

HOWTO: Remove StalkDaily.com From Your Infected Twitter Profile (UPDATED).

-- Tom

[Jason08]

I wonder how this will affect many websites that use Twitter.

[imrui]

Jason, no it wont..

The vulnerability is on the twitter webpages, so the worm only stays there..

[Jason08]

Ok, but I guess when a company has a twitter page, then that www.twiterpage.com/companyname would be affected.

[Blackmirror]

I am so glad i dont Twitter

[Jason08]

Me too. I visited it once because a company's website I go to has a Twitter page, but I never signed up at it, and haven't gone back since then (couple weeks ago.)