April 11, 2009 7:29 PM PDT

Worm infiltrates Twitter

by Natalie Weinstein

A worm apparently infected Twitter on Saturday.

The worm may originate with the StalkDaily.com site, and Twitter warned people against visiting the site or linking to it.

"If you have been locked out of your acct due to the StalkDaily issue, pls do a p/w reset; we may have reset your p/w for safety," Twitter informed its users on Saturday afternoon.

Details about the worm itself were scarce, but the micro-blogging site was awash in the news by Saturday night. "StalkDaily Worm Runs," "#stalksdaily," and "Twitter hit by" were the No. 2, 3, and 5 top topics at that time.

According to a TechCrunch report, visiting the profile page of an infected user can lead to one's own profile getting infected. The worm also apparently sends spam tweets from the infected person's account that direct others to the StalkDaily site.

The worm apparently hit in the morning, according to Twitter, and then had a resurgence in the afternoon.

StalkDaily's site states that it has nothing to do with the attacks, according to TechCrunch. But that statement apparently is being taken with a grain of salt.

Natalie Weinstein is an associate editor who works out of Austin, Texas. She spent a decade as a reporter and editor in the newspaper industry before joining the CNET News staff in 2000.
by WayneSmallman April 12, 2009 2:37 AM PDT
Is this anything to do with the "Mikeyy! Wooo!" thing I keep seeing?
by gertruded April 12, 2009 8:54 AM PDT
Remember, these worms are only if you are running Windows operating system.
by this1! April 12, 2009 10:05 AM PDT
funny.
by In-Cyde April 12, 2009 10:55 PM PDT
It's an XSS attack, it will work with any browser, any OS.

Mac-fanboy go away.
by In-Cyde April 12, 2009 10:57 PM PDT
Just to clarify, the issue is with poor input validation and intrusion testing at Twitter, not your client computer.
by gggg sssss April 13, 2009 3:18 PM PDT
@In-Cyde and Twitter runs on Linux. Wow
by Random_Walk April 12, 2009 9:22 AM PDT
@gertruded: I'm not so sure. This seems to be something based on Java/JavaScript, or some other web-enabled tech. It seems to infect your profile on Twitter, not your local computer. I'll wait for more details before saying much about whether the user's operating system (or web browser) is a factor.
by bloggerman April 12, 2009 11:22 PM PDT
Junk site anyhow, it'll teach the poor souls to learn how to harden a machine and therefore have a RELIABLE security team that knows *** they are doing.
by grecs April 13, 2009 3:39 PM PDT
This looks like some type of JavaScript attack. I wish we weren't so reliant on scripting. NoScript can be very useful for selectively enabling scripting on sites. It might not have worked that well for this though. It depends if scripting was running in the context of Twitter.
by Steve_KTG April 13, 2009 10:09 PM PDT
I can see the conundrum in spending a fortune on IT and security when your firm still hasn't hit the magic marker of joining the "green team" yet. However, attacks like these are probably the only thing that could stop Twitter from being all it can be. www.justaskgemalto.com has some good articles on the risks of social networking. Probably wise to be aware of, especially if you are going a little commercial with it like most of us are.