ICSA Labs on Twitter Worm
Andy Hayter, Anti-Malcode Program Manager at ICSA Labs, has put together some brief facts about the Twitter worm.
- The Twitter worm that began to spread on Easter Sunday is a cross-site scripting worm that spreads in Twitter profiles.
- During the first outbreak, Twitter users will receive unsolicited messages with the URL www.stalkdaily.com in the subject. DO NOT GO TO THAT WEB SITE! The second outbreak, which started later on Sunday, contained the phrase “Mikeyy” or “mikey” in it.
- The third version of the attack uses “bit.ly” to add shortened URLs to a message that reads something like “How to remove new Mikeyy worm! RTM!!”
- All the attacks are Javascript-based. TURN OFF JAVASCRIPT in your browser if you are worried.
- The following Web site has steps for turning off Javascript in the popular Web browsers: http://www.tucows.com/article/1690
- The only effect of this worm at the moment is to modify a person’s Twitter profile.
- Malware researchers are still investigating this worm. Twitter has taken action on its end to mitigate the problem.
- The best advice is to repeat point #5 – TURN OFF JAVASCRIPT. Utilities such as NOSCRIPT for Firefox allow you to view Javascript prior to execution and allow safe sites only.