There appears to be a worm impacting many Tumblr websites, defacing pages with an identical message.
The message, was posted alongside an image of a man and the logo of a group called the "GNAA".
The "GNAA", the Gay N***** Association of America, is an association of internet trolls that seems to have a particular delight in winding up bloggers with racist posts.
At the time of writing, Tumblr does not appear to have said anything about the problem. However, many Tumblr users have turned to other social media outlets to share their concerns that they have been hit by a worm.
For instance, news website The Verge told its readers that its Tumblr had fallen victim to the hack:
Yes, our Tumblr appears to have been hacked. We're taking care of this — and we recommend staying away from those nasty links.—
The Verge (@verge) December 03, 2012
The hack is still being investigated, and we'll update this article as we find out more. In the meantime, however, we would recommend that internet users do not visit Tumblr sites - in particular if they run their own Tumblr page and are logged into the site as this is a possible method through which the attack could be spread.
Of course, Tumblr isn't the first social media site to be hit by a fast-spreading worm. For instance, a couple of years ago Twitter was widely hit by a worm that exploited cross-site-scripting (XSS) vulnerability.
See also: How the Tumblr worm spread so quickly
Follow @gcluley
Update: Tumblr has now issued a statement about the security problem:
We are aware that there is a viral post circulating on Tumblr. We are working to resolve the issue as swiftly as possible. Thank you.—
Tumblr (@tumblr) December 03, 2012
When I tried to post to Tumblr from a test account I was presented with the following message, which may indicate that Tumblr has temporarily disabled posting to prevent the worm from spreading further:
Further update: Tumblr says that it has now resolved the issue:
Tumblr engineers have resolved the issue of the viral post attack that affected a few thousand Tumblr blogs. Thanks for your patience.—
Tumblr (@tumblr) December 03, 2012
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
Weird...Tumblr has been up all night (and all day) for me.
They're infamous for downtime, though, so I wouldn't be surprised if that's just a glitch in the system.
The perpetrators of the virus must be laughing. Not only did it post itself to any number of Tumblr accounts, it's now magically spread to countless other blogs, including this one, where it's repeated in full. Twice.
maybe though, but then i haven't seen my dashboard almost 3 weeks haha