Weibo, China's Twitter-like service, hit by worm

Filed Under: Malware, Social networks, Vulnerability

WeiboIts popularity dwarfs that of Twitter, but most people have probably never heard of the Sina Weibo micro-blogging site.

Weibo is huge in China, with over 140 million users merrily micro-blogging away, and following the latest updates from their favourite celebrities.

But all this popularity, of course, simply means that there's an opportunity for more users to be hit by malware should one break out on the system.

Sina Weibo says that a worm broke out on their site at 8.20pm on Tuesday night, Beijing time, exploiting a cross-site scripting (XSS) vulnerability in the site to spread quickly.

Fan BingbingAccording to online reports, the worm originated from a Weibo account called "@hellosamy" and worm forwarded itself to other users with a range of enticing subjects to catch out the unwary.

These ranged from claiming to be links to bloopers from a newly-released propaganda movie, nude pictures of popular actress Fan Bingbing, and phrases such as "Move a woman's heart with 100 lines of poetry" and "Software to listen to other people's phones."

Clicking on any of the links meant that your own Weibo account would automatically repost the link, and send messages to your online friends. Some users reported having received thousands of affected messages.

Fortunately, Sina Weibo reports that they patched the vulnerability on the site in just over an hour - a good response, but still not quick enough to stop thousands of people from being put at risk. Sophos products detect the worm as JS/Weibosamy-A.

The fact that the worm originated from an account called "@hellosamy" certainly caused me to raise an eyebrow. It seems to me that this is an homage to the Samy worm (also known as JS/Spacehero-A) which spread rapidly across the MySpace network in 2005, infecting many users' accounts via a cross-site scripting vulnerability.

This isn't the first time, of course, that an Asian social network has been hit hard by malware. For instance, in 2009 Naked Security reported on a cross-site scripting worm which spread across RenRen posing as a video of Pink Floyd's classic song "Wish you were here".

As more and more people put their trust in social networks, the sites themselves have to adopt a mature attitude to security and ensure that users are not being unnecessarily exposed to attacks.

, , , , , , , , ,

You might like

3 Responses to Weibo, China's Twitter-like service, hit by worm

  1. Peter B · 1522 days ago

    Interesting, but not surprising given the number of users ripe for the picking.

    One bone to pick with your article is that written Chinese does not differentiate between spoken dialects, so Mandarin and Cantonese are not written variants. If you happen to come across a Chinese film in Cantonese or other dialect, the subtitles in Chinese are for the benefit of the speakers of other dialects.

    • Jarod · 1521 days ago

      Very correct. In written there are Simplified Chinese and Traditional Chinese. You can safely say Cantonese write in Traditional Chinese, and Mandarin use Simplified.

      • Paul Ducklin · 1521 days ago

        I've edited the article to remove the potential confusion :-) After all, many of the users will be blogging away in their own dialect - including the dialect called "microblogging language", which bears little resemblance (whatever language you _speak_ :-) to something you would use in conversation or in a job application.

        After all, in the Anglophone world, you often don't write tweets and texts in English, or even necessarily in the Roman alphabet. You write them, well, as tweets or texts.

        (An Aussie mobile phone company has a campaign to stop people texting whilst driving. It's based around the image of a vehicle registration plate reading "M8-IT-CAN-W8".)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley