ICSA Labs on Twitter Worm
Posted on 13.04.2009
Andy Hayter, Anti-Malcode Program Manager at ICSA Labs, has put together some brief facts about the Twitter worm.
  • The Twitter worm that began to spread on Easter Sunday is a cross-site scripting worm that spreads in Twitter profiles.
  • During the first outbreak, Twitter users will receive unsolicited messages with the URL www.stalkdaily.com in the subject. DO NOT GO TO THAT WEB SITE! The second outbreak, which started later on Sunday, contained the phrase “Mikeyy” or “mikey” in it.
  • The third version of the attack uses “bit.ly” to add shortened URLs to a message that reads something like “How to remove new Mikeyy worm! RTM!!”
  • All the attacks are Javascript-based. TURN OFF JAVASCRIPT in your browser if you are worried.
  • The following Web site has steps for turning off Javascript in the popular Web browsers: http://www.tucows.com/article/1690
  • The only effect of this worm at the moment is to modify a person’s Twitter profile.
  • Malware researchers are still investigating this worm. Twitter has taken action on its end to mitigate the problem.
  • The best advice is to repeat point #5 – TURN OFF JAVASCRIPT. Utilities such as NOSCRIPT for Firefox allow you to view Javascript prior to execution and allow safe sites only.


Planning for the Internet of Things

As organizations plan for the future, and how security has to operate within their business, they now have to worry about the IoT. Geoff Webb, Director of Solution Strategy at NetIQ, discusses the implications and likely impact of the Internet of Things.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Apr 27th