Weibo, China’s Twitter-like service, hit by worm

WeiboIts popularity dwarfs that of Twitter, but most people have probably never heard of the Sina Weibo micro-blogging site.

Weibo is huge in China, with over 140 million users merrily micro-blogging away, and following the latest updates from their favourite celebrities.

But all this popularity, of course, simply means that there’s an opportunity for more users to be hit by malware should one break out on the system.

Sina Weibo says that a worm broke out on their site at 8.20pm on Tuesday night, Beijing time, exploiting a cross-site scripting (XSS) vulnerability in the site to spread quickly.

Fan BingbingAccording to online reports, the worm originated from a Weibo account called “@hellosamy” and worm forwarded itself to other users with a range of enticing subjects to catch out the unwary.

These ranged from claiming to be links to bloopers from a newly-released propaganda movie, nude pictures of popular actress Fan Bingbing, and phrases such as “Move a woman’s heart with 100 lines of poetry” and “Software to listen to other people’s phones.”

Clicking on any of the links meant that your own Weibo account would automatically repost the link, and send messages to your online friends. Some users reported having received thousands of affected messages.

Fortunately, Sina Weibo reports that they patched the vulnerability on the site in just over an hour – a good response, but still not quick enough to stop thousands of people from being put at risk. Sophos products detect the worm as JS/Weibosamy-A.

The fact that the worm originated from an account called “@hellosamy” certainly caused me to raise an eyebrow. It seems to me that this is an homage to the Samy worm (also known as JS/Spacehero-A) which spread rapidly across the MySpace network in 2005, infecting many users’ accounts via a cross-site scripting vulnerability.

This isn’t the first time, of course, that an Asian social network has been hit hard by malware. For instance, in 2009 Naked Security reported on a cross-site scripting worm which spread across RenRen posing as a video of Pink Floyd’s classic song “Wish you were here”.

As more and more people put their trust in social networks, the sites themselves have to adopt a mature attitude to security and ensure that users are not being unnecessarily exposed to attacks.