Tumblr worm hitting websites, posting identical message from GNAA

Filed Under: Malware, Social networks, Spam, Vulnerability

There appears to be a worm impacting many Tumblr websites, defacing pages with an identical message.

Hacked Tumblr webpage

The message, was posted alongside an image of a man and the logo of a group called the "GNAA".

The "GNAA", the Gay N***** Association of America, is an association of internet trolls that seems to have a particular delight in winding up bloggers with racist posts.

At the time of writing, Tumblr does not appear to have said anything about the problem. However, many Tumblr users have turned to other social media outlets to share their concerns that they have been hit by a worm.

For instance, news website The Verge told its readers that its Tumblr had fallen victim to the hack:

The hack is still being investigated, and we'll update this article as we find out more. In the meantime, however, we would recommend that internet users do not visit Tumblr sites - in particular if they run their own Tumblr page and are logged into the site as this is a possible method through which the attack could be spread.

Of course, Tumblr isn't the first social media site to be hit by a fast-spreading worm. For instance, a couple of years ago Twitter was widely hit by a worm that exploited cross-site-scripting (XSS) vulnerability.

See also: How the Tumblr worm spread so quickly

Update: Tumblr has now issued a statement about the security problem:

When I tried to post to Tumblr from a test account I was presented with the following message, which may indicate that Tumblr has temporarily disabled posting to prevent the worm from spreading further:

Tumblr stops new posts

Further update: Tumblr says that it has now resolved the issue:

, , , ,

You might like

3 Responses to Tumblr worm hitting websites, posting identical message from GNAA

  1. KLD · 1044 days ago

    Weird...Tumblr has been up all night (and all day) for me.
    They're infamous for downtime, though, so I wouldn't be surprised if that's just a glitch in the system.

  2. Last Laugh · 1044 days ago

    The perpetrators of the virus must be laughing. Not only did it post itself to any number of Tumblr accounts, it's now magically spread to countless other blogs, including this one, where it's repeated in full. Twice.

  3. justkeepit · 1044 days ago

    maybe though, but then i haven't seen my dashboard almost 3 weeks haha

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley