Twitter hit by cross-site scripting 'Mikeyy' worm attack

News by Dan Raywood

Twitter has been hit by a major worm attack over the Easter weekend with tens of thousands of users affected.



The worm, which directed to and was quickly named the ‘Mikeyy', caused a cross-site scripting attack on the micro-blogging website.


The hackers behind the attack planted an additional script into users' profiles alongside the StalkDaily link, meaning that you could become infected just by viewing an infected user's details, according to Sophos.


Twitter claimed that the attack spreads links across the system without users' consent. It has reassured users that it has taken steps to close the holes that allowed the worm to spread, and that 'no passwords, phone numbers, or other sensitive information were compromised' as part of the attack.


StalkDaily originally denied any involvement in the attack. This was later replaced with an admission that a newspaper interview with worm creator Mikeyy Mooney was genuine. The Mikeyy worm was spread by visiting the profiles of some of the people posting these messages.


Graham Cluley, senior technology consultant at Sophos, said: “Embedded script tags inside those webpages attempt to load a remote script from a third party website. The script is highly obfuscated but essentially performs the cross-site scripting attack and adds the malicious script tags to the brand new victim's profile.”
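The defensive side of the mechanism Cluley describes, as an added example that is not part of the original article or Twitter's code: a profile field rendered without output encoding beside the encoded form, plus a cleanup scan that flags stored fields containing script tags that load from another host. The field names, host names and sample profile are constructed assumptions; the article does not say which field was left unencoded.

```javascript
// Added example; field names, hosts and the sample profile are constructed assumptions.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak pattern: stored profile text concatenated into markup as-is,
// so any tag a user saved in the field runs for every visitor.
function renderProfileUnsafe(profile) {
  return `<h2>${profile.name}</h2><p class="bio">${profile.bio}</p>`;
}

// Hardened pattern: every stored field is encoded at output time.
function renderProfileSafe(profile) {
  return `<h2>${escapeHtml(profile.name)}</h2><p class="bio">${escapeHtml(profile.bio)}</p>`;
}

// Cleanup aid: list script tags found in stored fields and whether their
// src points at a host other than the site's own.
function findScriptTags(profile, ownHost) {
  const findings = [];
  for (const [field, value] of Object.entries(profile)) {
    for (const tag of String(value).matchAll(/<script\b[^>]*>/gi)) {
      const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(tag[0]);
      let host = null; // null means an inline script with no src
      if (src) {
        try {
          host = new URL(src[1], `https://${ownHost}/`).host;
        } catch {
          host = 'unparseable';
        }
      }
      findings.push({ field, host, thirdParty: host !== null && host !== ownHost });
    }
  }
  return findings;
}

// Constructed sample: a stored bio carrying a remote script tag.
const sampleProfile = {
  name: 'alice',
  bio: 'hello <script src="https://scripts.example.invalid/x.js"></script>',
};
```
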



Mooney, who identified himself as a 17-year-old student from New York, told the Associated Press he created the worm to promote his site.


He said: “I really didn't think it was going to get that much attention, but then I started to see all these stories about it and thought, 'Oh, my God'.”


Twitter co-founder Biz Stone said: “We are still reviewing all the details, cleaning up, and we remain on alert. Every time we battle an attack, we evaluate our web coding practices to learn how we can do better to prevent them in the future. We will conduct a full review of the weekend activities. Everything from how it happened, how we reacted, and preventative measures will be covered.”


However, the Telegraph reported that Mooney dropped his offensive after Biz Stone indicated that he might pursue legal action against the creator of the virus.


Mooney said: “If I get hit with a lawsuit, I am going to have major regrets and a big brick on my back. I am backing off now. Twitter ignored its vulnerability [to worms] so I am hoping they can just ignore me now.”




