Think Twice Before You Tweet Today

"We are currently addressing a new manifestation of the worm attack," Twitter administrators said in a blog post published on the Twitter status page around 5:00 a.m. ET today. "No passwords, phone numbers or other sensitive information were compromised as part of this renewed attack."

During the weekend Twitter was hit with three waves of attacks from the worm that was initially dubbed "StalkDaily" because it promoted the Twitter copycat site StalkDaily.com. A variant of the worm that struck Sunday was called "Mikeyy" because it forced infected accounts to send tweets that included that name.

Published reports said a 17-year-old New York teen who uses "Mikeyy" as a nickname and who created the StalkDaily.com site has admitted creating the worm.

The first attack struck at 2:00 a.m. Saturday when four accounts were created that began spreading the worm, according to a blog post by Twitter co-founder Biz Stone. That attack compromised 90 accounts before it was contained.

Later Saturday a second wave of the worm, which Twitter described as "much more intense," compromised about 100 accounts. Twitter responded by identifying and securing the accounts, and by identifying and deleting "malicious content that could work to further spread the worm," the Twitter blog said. A third wave of attacks hit Sunday morning. Altogether, Twitter said it removed almost 10,000 tweets that could have spread the worm.

The worm is believed to have exploited a cross-site scripting vulnerability in the Twitter service to infect user profiles. Those accounts were used to generate thousands of spamlike messages promoting StalkDaily.com.

Twitter said the worm is similar to the "Samy" worm that spread across the MySpace social networking site in 2005. The blog noted that MySpace sued the worm's creator and felony charges were brought in that case. While not specifically saying Twitter would do the same in the StalkDaily case, Stone's Twitter blog said: "Twitter takes security very seriously and we will be following up on all fronts."

The blog also promised that Twitter would review its Web coding practices to thwart future attacks. "Everything from how it happened, how we reacted, and preventative measures will be covered."