Weekend worms strike Twitter, teen admits responsibility
body {
margin-top:0 !important;
padding-top:0 !important;
/*min-width:800px !important;*/
}
.wb-autocomplete-suggestions {
text-align: left; cursor: default; border: 1px solid #ccc; border-top: 0; background: #fff; box-shadow: -1px 1px 3px rgba(0,0,0,.1);
position: absolute; display: none; z-index: 2147483647; max-height: 254px; overflow: hidden; overflow-y: auto; box-sizing: border-box;
}
.wb-autocomplete-suggestion { position: relative; padding: 0 .6em; line-height: 23px; white-space: nowrap; overflow: hidden; text-overflow: ellipsis; font-size: 1.02em; color: #333; }
.wb-autocomplete-suggestion b { font-weight: bold; }
.wb-autocomplete-suggestion.selected { background: #f0f0f0; }
| |||||||||||
About this capture
Organization: Alexa Crawls
__wm.bt(575,27,25,2,"web","http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9131478","2009-04-16",1996);
if (!self.ord) { ord = Math.random()*10000000000000000; }
document.write('');
if (!self.ord) { ord = Math.random()*10000000000000000; }
if (document.referrer.indexOf("buzz.yahoo.com") == -1) {
document.write('');
} else {
document.write('');
}
if (!self.ord) { ord = Math.random()*10000000000000000; }
if ((!document.images && navigator.userAgent.indexOf('Mozilla/2.') >= 0)|| navigator.userAgent.indexOf("WebTV") >= 0) {
if (document.referrer.indexOf("buzz.yahoo.com") == -1) {
document.write('
} else {
document.write('
}
}
if (!self.ord) { ord = Math.random()*10000000000000000; }
if (document.referrer.indexOf("buzz.yahoo.com") == -1) {
document.write('');
} else {
document.write('');
}
if ((!document.images && navigator.userAgent.indexOf('Mozilla/2.') >= 0)|| navigator.userAgent.indexOf("WebTV") >= 0) {
if (document.referrer.indexOf("buzz.yahoo.com") == -1) {
document.write('
} else {
document.write('
}
}
<!-- without this little
NS6 and IE5PC do not stretch the frame div down to encopass the content DIVs -->
if (!self.ord) { ord = Math.random()*10000000000000000; }document.write('' + 'ipt>');
@import url("/web/20090416214040cs_/http://www.computerworld.com/resources/left_nav.css");
var $j = jQuery.noConflict();
$j(document).ready(function() {
$j("#t-nav-i-17").addClass("open");
$j("#knowledge_center").addClass("open");
$j("#opinion_blogs").addClass("open");
$j("#events").addClass("open");
$j("li.open").parent().parent().addClass("open");
$j("#taxonomy_tree").treeview({
collapsed: true
});
});
- News
Shark Bait
- Back In The Day
- Boss Ahoy!
- Floundering Users
- Miscellaneous Bait
- News Bait
- Office Politics
- Q&A;
- Sinking Projects
- Tricks Of The Trade
- Video
- Suggest a Topic
- Submit a Bait
- Register
- Login
- FAQ
- Top Baits & Big Fish
- Invite a Friend
- SharkTank
Knowledge Centers
Opinion
- Webcasts
- Video
- Podcasts
- White Papers
- Computerworld Reports
Zones
- Application Grid
- HBA Advantage
- Mobility
- Security and Compliance
- Software
- Virtualization
- Case Study Library
- RSS Feeds
Events
Face to Face
- Leadership
- Awards
- Storage
- Mobile
- Data Center
- BI
- SaaS
- Green IT
- Honors
- Sponsorship
Virtual
- Cloud Computing - July 2009
- Storage Directions - June 2009
- Virtualization Directions - April 2009
- Enterprise Architecture - March 2009
- Industry
- Automotive
- Defense/Aerospace
- Energy/Utilities
- Financial
- Health Care
- Retail
- Transportation
- Travel
- Manufacturing
- Small Enterprise
- This Week in Print
- Print Subscriptions
if (!self.ord) { ord = Math.random()*10000000000000000; }
document.write(''+ 'ipt>');
resource center   See your link here |
Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Print edition
Subscribe to Computerworld 40 years of the most authoritative source of news and information for IT leaders.
_uacct = "UA-300704-1";
urchinTracker();
Weekend worms strike Twitter, teen admits responsibility
Twitter cross-site scripting bugs exploited; 17-year-old owns up to attacks
function showContent(item){
var element;
element = document.getElementById(item)
element.style.display = "";
}
function hideContent(item){
var element;
element = document.getElementById(item)
element.style.display = "none";
}
function activeStyle(item, base_state){
var element;
element = document.getElementById(item)
element.className = base_state + "_active";
}
function inactiveStyle(item, base_state){
var element;
element = document.getElementById(item)
element.className = base_state;
}
Top Stories
Related
April 12, 2009 (Computerworld)
Twitter Inc. acknowledged that it was hit with at least three different worm attacks that started Saturday and continued into Sunday, and it promised users that it would review its coding practices.
Michael "Mikeyy" Mooney, the 17-year-old creator of StalkDaily, a Twitter copycat site, has admitted creating the worms that attached Twitter's microblogging site.
"At about 2 a.m. on Saturday, four accounts were created that began spreading a worm on Twitter," company co-founder Biz Stone announced in a blog entry Sunday. "From 7:30 a.m. until 11 a.m. [Pacific time], our security team worked on eliminating the vectors that could identify this worm. At that time, about 90 accounts were compromised. We identified and secured these accounts."
That worm, which was widely reported on Saturday and dubbed "StalkDaily," exploited a cross-site scripting vulnerability in the Twitter service to infect user profiles. The original attack relied on tweets that referred to several malicious accounts allegedly created by Mooney; when users viewed those accounts' profiles, their own profiles became infected, and their accounts then sent more spam-style messages to entice friends to the just-infected profiles.
Those messages promoted the StalkDaily site with tweets such as "I love www.StalkDaily.com" and "Dude, www.StalkDaily.com is awesome. What's the fuss?"
The second attack, which Twitter said affected about 100 different accounts, occurred later Saturday, and the third began Sunday. All three were exploiting cross-site scripting bugs in the service.
"All told, we identified and deleted almost 10,000 tweets that could have continued to spread the worm," Stone said in his blog post.
Sunday's worm -- which was pegged as "Mikeyy" because the tweets it forced infected accounts to send included "Mikeyy I am done..." and "Man, Twitter can't fix sh*t. Mikeyy owns" -- was also set loose by Mooney, according to an interview conducted with him earlier today by Net News Daily.
When asked why he created the StalkDaily worm, Mooney said, "Out of boredom. It was the middle of the night and I had nothing else better to do."
Also in the interview, Mooney both dismissed his actions and said he knew the attacks could land him in trouble. "I feel pretty bad about it, but it's not me that left the vulnerability out in the open," he said, then later added, "I'm not worried, though. I know that it could land me in jail."
On the StalkDaily Web site, Mooney posted a short message that read: "I have came clean and have accepted the responsibility for the worm."
Twitter was not available for comment Sunday to answer questions about whether it had, or would, contact law enforcement officials.
One security company warned that the attacks might not be over. "There's going to be quite a few modified Twitter worms for a day or two," predicted Mikko Hypponen, chief research officer at F-Secure Corp., on his company's Web site. "Be careful in Twitter, don't view profiles, don't follow links."
Hypponen also noted that the attacks rely on JavaScript, and that users can protect themselves further by disabling JavaScript in their browsers.
if (!self.ord) { ord = Math.random()*10000000000000000; }document.write('' + 'ipt>');
Make a Comment Recommend This
Print This
Reprints
if (!self.ord) { ord = Math.random()*10000000000000000; }document.write('' + 'ipt>');
@import url("/web/20090416214040cs_/http://www.computerworld.com/comments/modules/article_comments/article_comments.css");
@import url("/web/20090416214040cs_/http://www.computerworld.com/comments/modules/anon_vote/anon_vote.css");
function render_article_comments() {
var comments_html = resultXML.getElementsByTagName('comments').item(0);
if (comments_html.firstChild != null) document.getElementById("article_comments").innerHTML = comments_html.firstChild.data;
}
try {
var getThis = 'http://'+location.host+'/comments/?q=article_view/9131478/17';
loadXMLDoc(getThis,render_article_comments,true);
}
catch(err) {
var error = true;
}
if (!self.ord) { ord = Math.random()*10000000000000000; }
document.write(''+ 'ipt>');
if (!self.ord) { ord = Math.random()*10000000000000000; }
document.write('');
if ((!document.images && navigator.userAgent.indexOf('Mozilla/2.') >= 0)|| navigator.userAgent.indexOf("WebTV") >= 0) {document.write('
White Papers & Webcasts
Oracle Data Guard 11g The Next Era in Data Protection and Availability
(Source: Oracle) Efficient business operations, high quality customer service, conformance with government regulations, and safeguarding corporate information assets all depend upon achieving the...
How to Future-proof for Mobility: An Integrated Management and Security Strategy
(Source: Sybase) This on-demand video webcast features John Girard, Gartner VP and distinguished Analyst, discussing the value of an integrated management...
Employee Web Use and Misuse
(Source: MessageLabs) There is a balance between monitoring and blocking web use in the workplace. IT Managers need to determine the best way...
Top 7 Backup Mistakes to Avoid in Windows Environment
(Source: Symantec) Learn how Symantec can help you avoid several common backup/restore mistakes that could be costing you money and even putting your...
Email Security Buyer's Guide
(Source: MessageLabs) Is your existing email security in need of review? Spam, viruses and other forms of malware pose a serious threat to...
VMware Infrastructure Backup and Recovery Best Practices Webcast
(Source: Symantec) Join Symantec and VMware to learn the value of migrating to a VMware Infrastructure and implementing a comprehensive strategy that scales...
Critical Data Protection
(Source: MessageLabs) New laws and compliance regulations require businesses to encrypt email communications that contain certain confidential and personal information. There are significant...
Building Bullet-Proof Security for SharePoint Portals
(Source: Oracle) SharePoint has rapidly evolved into a critical business collaboration tool for many enterprises primarily driven by its ease of deployment. However,...
Oracle Database 11g High Availability
(Source: Oracle) This paper will review the common causes of application downtime and discuss how technologies available in the Oracle Database can help...
Security Configuration Management
(Source: BigFix) In this web video, follow along with Jim Hansen, Senior Product Manager with Big Fix, as he explains why...
All White Papers | All Webcasts
Computerworld Reports
Computerworld Technology Briefing: Application Consolidation
Computerworld Technology Briefing: Intelligent Users Use Business Intelligence
An Apple for Your Enterprise?
Sign up to receive updates on the latest Security resources
Visit the Novell Security and Compliance Zone
Strategies for meeting stringent privacy policies and continually changing government requirements.
if (!self.ord) { ord = Math.random()*10000000000000000; }
document.write(''+ 'ipt>');
 |
 | Symantec Report on the Underground Economy The Symantec Report on the Underground Economy examines activity on underground economy servers observed by Symantec between July 1st, 2007 and June 30th, 2008. It includes analysis and discussion of the goods and services advertised, advertisers participating in the economy, the servers and channels that host the trading, and a snapshot of piracy activity observed. Download this white paper  | Data Loss Risks During Downsizing With the dramatic increase in lost jobs, companies should be aware of the possibility that these employees may be walking off with their sensitive and confidential data. An independent study done by the Ponemon Institute surveyed employees leaving their jobs and taking company data with them. This type of data loss problem may be putting companies at risk for a potential data breach. This study will help you to understand what employees are doing with the data on the laptops their employers provided them.Download this white paper | 3 Steps to Protect Confidential Data on Laptops Learn how to avoid being part of the one-third of security breaches that occur due to laptop theft. This report outlines specific steps to help you secure confidential data and minimize the impact of data loss resulting from stolen or missing laptops. Download this white paper | Managing Spend on Information Security and Audit for Better Results The benchmarks conducted by the IT Policy Compliance Group show almost all organizations have financial incentives exceeding 100 percent to make improvements to reduce financial risk from data loss, downtime and regulatory audit. This report includes findings covering the principal operational outcomes being experienced by organizations, financial risks, losses and returns, and the practices making the most difference to control risks, reduce costs, and improve results.Download this Report! |
White Papers
Sponsored Links
CIO  ComputerworldCSODEMOGameProGames.netIDCIDGIDG ConnectIDG Knowledge HubIDG TechNetworkIDG VenturesIDG.net InfoWorldITwhitepapersITworldJavaWorldLinuxWorldMacworldNetwork WorldPC WorldThe Industry StandardCopyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
_qacct="p-25K88fxDSEn9Y";quantserve();
Clash Royale CLAN TAG