
Two XSS Worms Slam Twitter

UPDATE: F-Secure has posted more detailed information.

"Some 24 hours after a worm spread advertising on Twitter, the popular social networking website, a second worm emerged on Sunday. Both worms appear to be created by Mikeyy Mooney, a 17-year-old from Brooklyn, New York.

The first worm emerged on Saturday when Twitter profiles began posting messages which encouraged people to visit StalkDaily.com. The owner of the website, Mikeyy Mooney, told BNO News that he was responsible. "I am aware of the attack and yes I am behind this attack," he said. Mooney said he created the worm to "give the developers an insight on the problem and while doing so, promoting myself or my website."

Later that evening, Twitter said they had resolved the problem. "We've taken steps to remove the offending updates, and to close the holes that allowed this worm to spread," a statement read.

Hours later, a new worm which appeared to be similar to the first one made its way into the Twitter community. Infected users spread messages such as "Mikeyy is done", and other Twitter users who are logged on to the site and visit an infected profile start doing the same, which makes the worm unusual as no action is required to get infected. It is unclear if Mooney is behind the new attack, but a review of the script by BNO News showed it is the same worm from Saturday, except for the fact that it is spreading a new message and is hosted on a different server. It is currently unknown if Mooney may face legal action."

Read more: http://adjix.com/af5t

Twitter Update: http://status.twitter.com/post/95332007/update-on-stalkdaily-com-worm

NetworkWorld Article: http://www.networkworld.com/community/node/40825

Another: http://www.networkworld.com/community/node/40822

The Cross Site Scripting FAQ: http://www.cgisecurity.com/xss-faq.html

The Cross-site Request Forgery FAQ: http://www.cgisecurity.com/csrf-faq.html
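The propagation mechanism the BNO piece describes (a logged-in user merely views an infected profile, and their own profile starts carrying the same script) is the textbook stored-XSS worm: the profile field is stored as submitted, rendered into HTML without escaping, and the injected script runs with the viewer's session, so it can issue an authenticated "update my profile" request on the viewer's behalf. The following is an added example written for this page; it is not code from cgisecurity.com, BNO News, Twitter or the worm's author, and it does not reproduce the real payload. It is a toy site in JavaScript (Node) with constructed users, bios and a constructed `session.setBio(self)` payload standing in for the authenticated request; the only difference between the two runs is whether output is HTML-escaped.

```javascript
// Added example, not code from cgisecurity.com, BNO News or the worm's author.
// A toy model of the bug class behind the Twitter worm: a profile field stored
// as submitted and rendered unescaped lets a script in one user's profile run
// in every logged-in viewer's session, where it can copy itself into the
// viewer's own profile. Users, bios, the payload and the "session" API are all
// constructed for this demo.

// Minimal HTML escaping for text placed inside an element body.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

class ToySite {
  constructor({ escapeOutput }) {
    this.escapeOutput = escapeOutput; // the one setting that decides the outcome
    this.profiles = new Map();        // user -> bio, stored exactly as submitted
  }

  setBio(user, bio) {
    this.profiles.set(user, bio);
  }

  // Server-side template for a profile page. The vulnerable variant
  // interpolates the bio verbatim; the hardened one escapes it on output.
  render(user) {
    const bio = this.profiles.get(user) || "";
    return `<div class="bio">${this.escapeOutput ? escapeHtml(bio) : bio}</div>`;
  }

  // Models a logged-in viewer loading `target`'s page. Any <script> element
  // that survives rendering is executed with the viewer's credentials: here
  // `session.setBio` stands in for the authenticated profile-update request a
  // browser would send with the viewer's cookies. Only bare <script> tags are
  // modelled; real XSS has many more vectors (event-handler attributes etc.).
  visit(viewer, target) {
    const html = this.render(target);
    const m = /<script>([\s\S]*?)<\/script>/.exec(html);
    if (!m) return false;
    const session = { user: viewer, setBio: (bio) => this.setBio(viewer, bio) };
    // `self` is the script's own outer HTML, which is what a worm copies forward.
    new Function("session", "self", m[1])(session, m[0]);
    return true;
  }

  // Users whose stored bio now carries a script element.
  infectedUsers() {
    return [...this.profiles]
      .filter(([, bio]) => /<script>/.test(bio))
      .map(([user]) => user);
  }
}

// Runs the same chain of visits against a site with or without output
// escaping and returns the list of infected users.
function simulate(escapeOutput) {
  const site = new ToySite({ escapeOutput });
  const users = ["alice", "bob", "carol", "dave"];
  for (const u of users) site.setBio(u, `Hi, I am ${u}`);

  // Constructed payload: when run, it writes its own <script> element into the
  // viewer's bio, so the next visitor of *that* profile picks it up too.
  site.setBio("alice", "check out my site <script>session.setBio(self)</script>");

  // A chain of logged-in page views; nobody clicks anything.
  const visits = [["bob", "alice"], ["carol", "bob"], ["dave", "carol"]];
  for (const [viewer, target] of visits) site.visit(viewer, target);
  return site.infectedUsers();
}

console.log("unescaped output:", simulate(false)); // [ 'alice', 'bob', 'carol', 'dave' ]
console.log("escaped output:  ", simulate(true));  // [ 'alice' ]
```

Escaping on output is the fix for the injection itself, and it is what stops the chain in the second run. It is not the only layer worth having: a per-request anti-forgery token on profile updates (see the CSRF FAQ linked above) does not help once script is already running in the victim's origin, but it does block the cross-site variant of the same request, and a Content Security Policy limits what an injection that slips through can load or run.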



There are responsible ways to inform a vendor or service provider about a vulnerability. This is not it.