Mikeyy another Twitter Worm
Monday, April 13, 2009
It’s turning into quite a weekend for Twitter (Twitter reviews): a new exploit has been created carrying the name of the 17 year old who supposedly created yesterday’s StalkDaily worm. We should emphasize that the attack is more of a nuisance than malicious - its only activity is to post unwanted messages.
The “mikeyy” attack posted messages into user’s Twitter streams early Sunday using much the same technique as StalkDaily. At the time of writing, it’s still live and posting messages which contain the name “mikeyy”. The messages include the following:
Mikeyy I am done…
MikeyyMikeyy is done..
Twitter please fix this, regards Mikeyy
Man, Twitter can’t fix sh*t. Mikeyy owns. :)
Dude, Mikeyy is the sh*t! :)
Twitter should really fix this…
HOW MIKEYY WORK
Mikeyy appears to use the same technique as StalkDaily, suggesting that the issue has not been fully fixed: exactly like yesterday’s exploit, it adds an executable script after #color in the CSS. There are multiple user-editable fields in the Twitter settings, and our best guess is that the exploit is using a different field for input.
It appears to be more of a nuisance than malicious at this point - the attacker is pointing out that Twitter has not fully fixed the issue.
WHAT TO DO
To prevent infection, it’s smart to:
1. Stop visiting Twitter profiles on the web, since these are the source -If you’re affected by Mikeyy, it’s smart to:
2. You might want use a 3rd party app like TweetDeck or Seesmic Desktop for now
3. Disable javascript in your browser settings, or use a Firefox add-on like no-script, which stops unwanted scripts from running
1. In your browser settings, clear your cache and cookiesThe blog Twittercism carries much the same guidance, and you can check out their explanation too.
2. Also in your browser settings, turn off javascript
3. Log into Twitter. Go to your Twitter settings and check for anything suspicious, particularly in the URL or location. If there’s anything there, delete it fully and replace with your actual URL and location.
4. Re-enable javascript and check the Design section of your Twitter profile to make sure there are no changes to your profile colors. If there are, delete these too and replace with whatever colors you want.
5. Delete unwanted Tweets containing Mikeyy
6. As an extra precaution, reset your Twitter password.
7. Log out of your account.
8. Since there are claims that Mikeyy may re-activate on login at Twitter.com, you may wish to continue using Twitter via a desktop client like TweetDeck or Seesmic Desktop, rather than on the web.
We’re tracking Mikeyy and will keep readers updated here.
Resource : Mashable.com
0 comments:
Post a Comment