Worm infiltrates Twitter

A worm apparently infected Twitter on Saturday.

The worm may originate with the StalkDaily.com site, and Twitter warned people against visiting the site or linking to it.

"If you have been locked out of your acct due to the StalkDaily issue, pls do a p/w reset; we may have reset your p/w for safety," Twitter informed its users on Saturday afternoon.

Details about the worm itself were scarce, but the micro-blogging site was awash in the news by Saturday night. "StalkDaily Worm Runs," "#stalksdaily," and "Twitter hit by" were the No. 2, 3, and 5 top topics at that time.

According to a TechCrunch report, visiting the profile page of an infected user can lead to one's own profile getting infected. The worm also apparently sends spam tweets from the infected person's account that direct others to the StalkDaily site.

The worm apparently hit in the morning, according to Twitter, and then had a resurgence in the afternoon.

StalkDaily's site states that it has nothing to do with the attacks, according to TechCrunch. But that statement apparently is being taken with a grain of salt.

[WayneSmallman]

Is this anything to do with the "Mikeyy! Wooo!" thing I keep seeing?

[gertruded]

Remember, these worms are only if you are running Windows operating system.

[this1!]

funny.

[In-Cyde]

It's an XSS attack, it will work with any browser, any OS.

Mac-fanboy go away.

[In-Cyde]

Just to clarify, the issue is with poor input validation and intrusion testing at Twitter, not your client computer.

[gggg sssss]

@In-Cyde and Twitther runs on linux. Wow

[Random_Walk]

@gertruded: I'm not so sure. This seems to be something based on Java/JavaScript, or some other web-enabled tech. It seems to infect your profile on Twitter, not your local computer. I'll wait for more details before saying much about whether the user's operating system (or web browser) is a factor.

[bloggerman]

Junk site anyhow, it'll teach the poor souls to learn how to harden a machine and therefore have a RELIABLE security team that knows *** they are doing.

[grecs]

This looks like some type of JavaScript attack. I wish we weren't so reliant on scripting. NoScript can be very useful for selectively enabling scripting on sites. It might not have worked that well for this though. It depends if scripting was running in the context of Twitter.

[Steve_KTG]

I can see the conundrum in spending a fortune on IT and security when your firm still hasn't hit the magic marker of joining the "green team" yet. However, attacks like these are probably the only thing that could stop twitter from being all it can be. www.justaskgemalto.com has some good articles on the risks of social networking. Probably wise to be aware of, especially if you are going a little commercial with it like most of us are.