Over the Easter weekend, Twitter fell victim to yet another attack against the micro-blogging service. This time the attacker was 17 year old Mikeyy Mooney, who claims full responsibility for the attack, saying "I am aware of the attack and yes I am behind this attack".
The attack was harmless in a sense that no passwords or users data was compromised or stolen, only leaving messages on peoples Twitter page such as "Dude, www.StalkDaily.com is awesome. What's the fuss?". The worm infected other Twitter users when someone visited another person's page, making the worm spread rapidly. The messages linked users to Mikeyy Mooneys own web site which offers similar features and style as Twitter does.
Mikeyy Mooney described how he carried out the attack, "I am the person who coded the XSS which then acted as a worm when it auto updated a users profile and status, which then infected other users who viewed their profile. I did this out of boredom, to be honest. I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website."
Twitter responded by saying it has since closed the hole that allowed the worm to spread and is working to removing the unwanted updates on peoples accounts.
53 Comments - Add comment