April 12, 2009
by Sue Waters
Below is an account of the worm attacks on twitter on the Easter weekend, 2009 — it’s been regularly updated as new events occurred.
CURRENT STATUS: A new twitter worm attack occurred on April 17.
Early Easter Sunday 12 April (Western Australia 9 AM GMT + 8hrs) I noticed that several of my twitter followers sent out tweets that appeared like their account had been hacked. To be honest, I thought I was safe because I had seen similar before.
Boy how wrong was I….
This guy learnt a new method of hacking into our accounts. All it takes is checking on the profile when you receive notification of a new follower. Assume they have probably set up quite a few accounts to do this….
It immediately accesses your account and starts sending out a range of different tweets about the company.
Here is what you need to do if it happens to you:
- Immediately change your twitter password – that appears to stop it
- Check your bio and make sure it hasn’t added a link into it for their web site – remove any links that have been added
This was caused by a worm named the Stalkdaily worm created by Mikeyy Mooney, the 17-year-old creator of StalkDaily.com from Brooklyn (read more about it here).
When StalkDaily hit I recommended that twitter users don’t:
- Check out the profiles of any new followers until it is addressed (unless you first engage in a meaningful conversation with them)
- Don’t visit web profiles of infected users or click on the link to StalkDaily
Within about an hour Twitter deployed a security patch that they thought fixed the problem. It was also necessary for Twitter to suspend some users accounts for awhile. Some of twitterers found when their account was reactivated that it had removed them from their followers lists as a result. This meant they had to contact people and ask them to refollow.
I recommended people remain cautious for the rest of the day — just in case. Fortunately this was good advice.
Approximately 8 hours later the next worm hit twitter. This time Mikeyy Mooney created the Mikeyy worm that took over accounts including changing their user and sending out continuous tweets like:
Twitter please fix this, regards Mikeyy
Man, Twitter can’t fix sh*t. Mikeyy owns.
Twitter should really fix this…
During the Easter weekend Twitter fought off four waves of worm attacks created by Mikeyy Mooney. Damon Cortesi wrote an excellent postmortem post that explains exactly how the worm worked and what code was used.
Unfortunately security continues to be an issue for twitter. After Mikeyy Mooney was hired by ExqSoft to do security analysis work Mikeyy launched a fifth worm attack on Friday April 17. You can read more about this latest version here.
Options for protecting your twitter account:
- Don’t visit web profiles of any twitter users if you are logged into your twitter account unless you have ensured your web browser is fully secured and have scripting turned off using plugins like NoScript for Firefox.
- If you haven’t secured your web browser only visit web profiles of twitters users once you have logged out of your twitter account.
- Stick with using a twitter application like Twhirl or Tweetdeck. You can use either of these applications to check out new followers using their search facility and add by clicking on the + alongside their profile.
IF you want me to add you to my twitter account — please send me @suewaters and engage in conversation. If you are new to using twitter you might like to check out my twitter advice for new people.
Please note: I don’t normally update posts but because of the nature of these worm attacks this has been necessary.
And if you’re enjoying this blog, please consider Subscribing for free!