Mikeyy attack hits Twitter users - a bad 24 hours for Web 2.0 security

Filed Under: Social networks, Spam, Twitter

The day after messages about StalkDaily swamped the feeds of Twitter users via a cross-site scripting attack, we are seeing another assault on the micro-blogging network - apparently inspired by the suspected author of the previous attack.

Thousands of duplicate messages have been posted on the site without the knowledge of account owners, all mentioning "Mikeyy" - a reference to Mikeyy Mooney, the 17-year-old who was reported as having admitted being responsible for the StalkDaily attack.

Messages include:

Man, Twitter can't fix shit. Mikeyy owns. :)
Dude! Mikeyy! Seriously? Haha. ;)
Dude, Mikeyy is the shit! :)
damn mikeyy. haha.
Twitter should really fix this...
Mikeyy I am done...
MikeyyMikeyy is done..
Twitter please fix this, regards Mikeyy
Wow...Mikeyy.

Mikeyy messages on Twitter

Like StalkDaily, Mikeyy is another Twitter cross-site scripting worm. If you visit the profiles of some of the people posting these messages (obviously, this is not recommended) you will find suspicious content inside the CSS style sheet information.

Embedded script tags inside those webpages attempt to load a remote script from a third party website. The script is highly obfuscated but essentially performs the cross-site scripting (XSS) attack and adding the malicious script tags to the brand new victim's profile.

Remnants of the Mikeyy script on a Twitter profile, partly sanitised

Like StalkDaily it also tries to add script tags loading content from a webpage on uuuq.com, but as before this has now been suspended due to a violation of the terms of service.

If you're using Twitter today I would strongly recommend that you run a browsing solution which can help you defend against cross-site scripting attacks. For instance, the free NoScript plugin can be used with Firefox to make life much harder for the cybercriminals.

Twitter is being put through the mangle at the moment - clearly a long hard look needs to be taken of how well it secures its users if it is going to survive its growing popularity amongst cybercriminals as well as the general public.

, , , ,

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.