
You Wormy Little Twit!

Posted by John B. Frank Tuesday, April 14, 2009

Complete item: http://www.sophos.com/blogs/gc/g/2009/04/13/mikeyy-worm-madness-twitter/




First from PC World: It looks like Twitter's website has been scrubbed clean after several bouts of the "Mikeyy" or "StalkDaily" worm plagued the service. Even though the threat seems to have passed, questions remain about just how serious this attack was and if there will be any repercussions for the worm's creator.

Worm Attacks Bird

Early on Saturday, April 11, the Mikeyy worm started to spread via Twitter posts by encouraging you to click on a link to a rival micro-blogging service StalkDaily.com. As soon as you clicked on the link your account would be infected and begin to send out similar messages encouraging your followers to visit StalkDaily. Then your followers would become infected and the worm's infection rate would grow. You could also catch the worm by viewing infected profiles on Twitter.com.

Description:
What on earth is going on at Twitter? That's the question that many people will be asking after the Easter break, following a wave of cross-site scripting worms that hit the micro-blogging site. After each attack Twitter said that it had resolved the problem, only for hackers to return hours later with another attack effectively rubbing Twitter's nose in it.

The latest cross-site scripting worm we've seen on Twitter urges the website to hire Mikeyy Mooney, the suspected author of at least the earlier attacks, and gives a phone number. Journalists who have spoken to 17-year-old Mooney have confirmed to Sophos that the phone number used in the latest worm messages is genuine.

We've chosen to obscure the phone number, although it is trivial for anyone to discover it if they search on the Twitter site for archived messages. If Mooney is responsible for the worms that have troubled Twitter and its many users today then the correct course of action is for the authorities to investigate - not for the internet community to take the law into its own hands.

Of course, it's understandable that some may feel very aggrieved by a worm messing with their Twitter profile settings but it's up to Twitter to decide if it wants to make a complaint to the police.

But the worm suggesting that Mikeyy could help Twitter out with its security problems wasn't the end of it.

Yet another cross-site scripting worm hit Twitter, pretending to be a link to removal instructions for the earlier attacks. Unfortunately, if you clicked on the bit.ly link you were redirected to an infected Twitter profile page, which - yes, you guessed it - would infect your profile too and continue the spread of the worm.

What's most alarming to me though is that it seems Twitter was caught with its pants down in the aftermath of all of these attacks. To be hit by one cross-site scripting worm may be regarded as a misfortune, to be struck three or four times over a weekend looks like carelessness.
