Cross-site scripting flaws used for propagation

Apr 13, 2009 12:14 GMT  ·  By

Several sustained attacks against Twitter users created quite a stir on the micro-blogging platform over the weekend. Logged-in Twitter users who visited compromised profiles automatically propagated the worm by posting unauthorized messages from their own accounts.

The first attacks hit during the early hours of Saturday, when users started posting messages promoting a website called StalkDaily. "Dude, www.StalkDaily.com is awesome. What's the fuss?", "Join www.StalkDaily.com everyone!", "Woooo, www.StalkDaily.com :)" and "Virus!? What? www.StalkDaily.com is legit!", some of them read.

Twitter staff were alerted at about 7:30 am and determined that the attack vector was a cross-site scripting (XSS) weakness: script stored in a compromised account's profile ran in the browser of any logged-in user who viewed that profile, compromising the viewer's account in turn. By the time the company was able to intervene, 90 accounts had been affected and had to be temporarily suspended.

Later during the day a second wave hit, displaying similar messages but exploiting a different weakness. It compromised a further 100 accounts, keeping Twitter staff on their toes for the second time in 24 hours. Twitter has maintained that the flaws exploited by the worm have been patched.

StalkDaily.com, which is to some extent a Twitter clone with some extra features, initially denied any involvement in the attacks. However, 17-year-old Mikeyy Mooney, the creator of StalkDaily, later assumed responsibility. "I have come clean and have accepted the responsibility for the worm," he wrote. He also gave an interview to BNOnews.

"I am the person who coded the XSS which then acted as a worm when it auto updated a user's profile and status, which then infected other users who viewed their profile. I did this out of boredom, to be honest. I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website," he added.
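As an added illustration (not code from Twitter or from the worm's author), the following Ruby snippet shows the defect class behind the mechanism described above: profile fields rendered into HTML without output encoding, next to a hardened renderer that escapes text, validates the profile URL's scheme and validates the colour value for the context each field lands in. The field names, the sample payloads and the example.invalid host are constructed for the example and are not taken from the actual worm. The `contains_active_content?` tripwire is the kind of check a cleanup sweep over stored profiles and tweets, like the one Twitter describes later on this page, would run.

```ruby
require 'cgi'
require 'uri'

# Constructed sample profile, NOT the real worm payload: a display name, a
# homepage and a colour field each carrying script in a different HTML context.
MALICIOUS_PROFILE = {
  name:  'Mikeyy<script src="http://example.invalid/w.js"></script>',
  url:   'javascript:alert(document.cookie)',
  color: '#fff" onmouseover="alert(1)'
}.freeze

# Vulnerable renderer: straight string interpolation of user-controlled fields.
# Any logged-in viewer's browser executes whatever the profile owner stored.
def render_profile_vulnerable(p)
  %(<div class="profile"><a href="#{p[:url]}" style="color:#{p[:color]}">#{p[:name]}</a></div>)
end

# Only http(s) links are allowed in href; anything else (javascript:, data:,
# unparsable strings) collapses to a harmless '#'.
def safe_href(url)
  u = URI.parse(url)
  return '#' unless %w[http https].include?(u.scheme)
  CGI.escapeHTML(url)
rescue URI::InvalidURIError
  '#'
end

# A colour that lands inside a style attribute is validated against a strict
# pattern rather than escaped: escaping alone would still let CSS injection through.
def safe_color(c)
  c =~ /\A#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})\z/ ? c : '#000000'
end

# Hardened renderer: every field is encoded or validated for the exact context
# it is emitted into (text node, href attribute, style attribute).
def render_profile_hardened(p)
  %(<div class="profile"><a href="#{safe_href(p[:url])}" style="color:#{safe_color(p[:color])}">#{CGI.escapeHTML(p[:name])}</a></div>)
end

# Tripwire for tests or a cleanup sweep: flags markup that can execute script.
# Deliberately crude; it is a detector, not a sanitizer.
def contains_active_content?(html)
  !!(html =~ /<script\b|\bon[a-z]+\s*=|javascript:/i)
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable: #{render_profile_vulnerable(MALICIOUS_PROFILE)}"
  puts "hardened:   #{render_profile_hardened(MALICIOUS_PROFILE)}"
  puts "vulnerable executes script? #{contains_active_content?(render_profile_vulnerable(MALICIOUS_PROFILE))}"
  puts "hardened executes script?   #{contains_active_content?(render_profile_hardened(MALICIOUS_PROFILE))}"
end
```

The point of the hardened version is that one escaping routine is not enough: a text node needs HTML entity encoding, a URL attribute needs a scheme allow-list on top of that, and a value inside a style attribute needs strict validation because a browser will still interpret escaped CSS. The regex tripwire is only for spotting already-stored payloads during cleanup; it is not a substitute for contextual output encoding at render time.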

A third strike occurred on Sunday, when a new worm started spreading messages that read, "Twitter should really fix this...," "Mikeyy I am done...," "MikeyyMikeyy is done...," "Twitter please fix this, regards Mikeyy," "Wow... Mikeyy."

"Again, we secured the accounts that had been compromised and removed any content that might help spread the worm. All told, we identified and deleted almost 10,000 tweets that could have continued to spread the worm," Biz Stone, Twitter's co-founder, wrote on the company's blog.

Stone said Twitter would remain on alert for future attacks and compared these incidents with the 2005 MySpace Samy worm, which also spread through script stored in profile pages. "At that time, MySpace filed a lawsuit against the virus creator which resulted in a felony charge and sentencing. Twitter takes security very seriously and we will be following up on all fronts," he warned.

"Twitter is being put through the mangle at the moment – clearly a long hard look needs to be taken of how well it secures its users if it is going to survive its growing popularity amongst cybercriminals as well as the general public," Graham Cluley, senior technology consultant at Sophos, commented.

Twitter users on Firefox can reduce their exposure to XSS and other attacks, such as clickjacking, which has also affected Twitter several times, by installing the NoScript Firefox extension. One caveat: NoScript's XSS filter inspects requests crossing from an untrusted site into a trusted one, and its ClearClick feature targets clickjacking; a payload stored on a site the user has already allowed to run scripts, as twitter.com would be for anyone reading tweets, still executes. The fix that matters is Twitter encoding profile fields correctly on the server.