Twitter Security Holes Exploited: StalkDaily and Mikeyy Worms
Over the weekend popular social networking and micro-blogging site Twitter was hit by two worms: the StalkDaily worm and the Mikeyy worm exploited a cross-site scripting vulnerability in order to target unsuspecting Twitter users. Signs of infection were obvious: messages leading to StalkDaily.com were posted without user consent, and messages stating that Mikeyy owns were also posted without users being aware of the issue. Co-founder and Creative Director with Twitter indicated that the incident did not lead to phone numbers, passwords, and other sensitive or confidential data being compromised.
“The worm introduced to Twitter this weekend was similar to the famous Samy worm which spread across the popular MySpace social-networking site a while back. At that time, MySpace filed a lawsuit against the virus creator which resulted in a felony charge and sentencing. Twitter takes security very seriously and we will be following up on all fronts. We are still reviewing all the details, cleaning up, and we remain on alert. Every time we battle an attack, we evaluate our web coding practices to learn how we can do better to prevent them in the future. We will conduct a full review of the weekend activities. Everything from how it happened, how we reacted, and preventative measures will be covered,” explains Biz Stone.
The whole thing went down something like this: On Saturday, at approximately 2AM four Twitter accounts began spreading a worm on Twitter. The security team at Twitter quickly intervened and worked on identifying the worm and detecting compromised accounts (about 90 on Saturday morning). A second worm attack was identified Saturday evening, attack that was much more intense and managed to compromise about 100 accounts. The worm attacks continued Sunday morning, but this time the security team was ready and managed to combat the attackers in real time.
Responsibility for the worm attack has been taken by one 17-year old Michael “Mikeyy” Mooney from Brooklyn, NY. He says that he did it out of boredom, but he never anticipated the worm, which was not designed to do much damage, would spread so fast or so far. Mooney says that he whole incident has draw way too much attention on himself and that he will put his worm writing activities aside – he claims to have been creating worms for about 3 years now, but the StalkDaily and Mikeyy worms will be his last.
“I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website,” says Mooney.
“The worm introduced to Twitter this weekend was similar to the famous Samy worm which spread across the popular MySpace social-networking site a while back. At that time, MySpace filed a lawsuit against the virus creator which resulted in a felony charge and sentencing. Twitter takes security very seriously and we will be following up on all fronts. We are still reviewing all the details, cleaning up, and we remain on alert. Every time we battle an attack, we evaluate our web coding practices to learn how we can do better to prevent them in the future. We will conduct a full review of the weekend activities. Everything from how it happened, how we reacted, and preventative measures will be covered,” explains Biz Stone.
The whole thing went down something like this: On Saturday, at approximately 2AM four Twitter accounts began spreading a worm on Twitter. The security team at Twitter quickly intervened and worked on identifying the worm and detecting compromised accounts (about 90 on Saturday morning). A second worm attack was identified Saturday evening, attack that was much more intense and managed to compromise about 100 accounts. The worm attacks continued Sunday morning, but this time the security team was ready and managed to combat the attackers in real time.
Responsibility for the worm attack has been taken by one 17-year old Michael “Mikeyy” Mooney from Brooklyn, NY. He says that he did it out of boredom, but he never anticipated the worm, which was not designed to do much damage, would spread so fast or so far. Mooney says that he whole incident has draw way too much attention on himself and that he will put his worm writing activities aside – he claims to have been creating worms for about 3 years now, but the StalkDaily and Mikeyy worms will be his last.
“I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website,” says Mooney.
