StalkDaily Worm is Eating Twitter

There's a spam worm that is eating Twitter as of this writing. A site called StalkDaily has been infecting Twitter profiles today with a spam worm that forces accounts to send spam tweets towards the StalkDaily website. Do not visit the site because if you do, you'll get infected. And if you are already infected, these steps from Mashable might help:

1. Go to your Twitter account settings and switch your bio back to normal

2. In your browser settings, clear out your cache and cookies

3. As a precaution, change your Twitter password

To prevent re-infection, you need to:

1. Avoid visiting Twitter profiles until the issue is fixed

2. If you do land on a Twitter profile with StalkDaily as the URL, you have 3 seconds to close the tab before you’re affected!

3. Since these attacks only work when visiting Twitter profiles on the web, you might want to consider using a desktop Twitter client like TweetDeck or Seesmic Desktop.

Mashable has also given out some information about how this worm attacks:

1. Realized that Twitter allows you to insert not just a text in your “bio” section, but also a script (a quick glance at the source suggests that the javascript used is hidden in the color attribute and hosted at a site called mikeyylolzuuug dot com)

2. Created one or more Twitter profiles with malicious code in the bio sections, enticing Twitter users to visit the pages by following those users (one malicious account may have been called “gangsterboy”)

3. When the profile is visited, the script has a delay of approximately 3 seconds before requesting the Twitter cookie and username from your browser

4. These details are used to create an authentication token, allowing the script to execute any of the actions allowed through the Twitter API

5. The script sends out Tweets on the affected account

6. The script also inserts the itself into the user’s Bio section, making their Twitter account a host.

Labels: , ,