Home Twitter Vulnerability: Mutating Fast and More on the Way

Twitter Vulnerability: Mutating Fast and More on the Way

Just hours after Twitter began removing the first cross-site scripting vulnerability that hit its site this weekend, a new modified strain has been found, and according to F-Secure, it’s not the last one we’re likely to see over the next few days.

“This is not over. There’s going to be quite a few modified Twitter worms for a day or two. Be careful in Twitter, don’t view profiles, don’t follow links. It’s beautiful outside, maybe go for a walk instead?” Mikko said on the F-Secure blog earlier today.

According to Breaking News, Mikeyy Mooney, the 17 year-old owner of StalkDaily.com, has reportedly admitted responsibility for yesterday’s attack.

“I am the person who coded the XSS which then acted as a worm when it auto updated a users profile and status, which then infected other users who viewed their profile. I did this out of boredom, to be honest. I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website.”

We wrote about StalkDaily yesterday, and last night Twitter pointed out on its status blog that it has “taken steps to remove the offending updates and to close the holes that allowed this ‘worm’ to spread.” The offending code can be found at GitHub as noted by Mr Speaker who left a message in our comments, and a postmortem of yesterday’s vulnerability can be found on the DCortesi blog.

Clearly Mikeyy is still bored as the new version is now making its way across the Twitterverse, tweeting comments such as: “Man, Twitter can’t fix shit. Mikeyy owns :)”

So if you see a tweet with the word Mikeyy – don’t click on it.

F-Secure is reporting that all of these attacks are Javascript based and suggests turning it off. You can find instructions on how to turn off JavaScript in the four main browsers; Firefox, Internet Explorer, Safari and Opera at Tucows.

If you need to remove Mikeyy, Twittercism walks you through in six easy steps.

We’ll keep you updated as the day progresses.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.