pbnetworks - Computer Security Solutions

pbnetworks - Computer Security Solutions

04/13/09 StalkDaily/Mikeyy continues to flood Twitter

Despite Twittersaying the initial issue with the StalkDaily wormhad been resolved, Twitter users are now seeing the effects of a fourth generation of the worm. Now known as the Mikeyy worm, after Mikeyy Mooney, a 17 year old who claimed responsibility, the new worm promotes Mikeyy and taunts Twitter with messages such as "Twitter, hire Mikeyy! (718) 312-8131 :)", "Twitter, your community is going to be mad at you... - Mikeyy" and "This is all Twitters fault! Don't blame Mikeyy!!". Other messages sent by the worm offer instructions on how to remove it but also link to infected user profiles.

The latest variant changes an infected user's name to inject a script element into the head section which directs the browser to include a script called ajax.js from stalkdaily.com. This contains an obfuscated script which will hijack the Twitter account of anyone who visits the user's profile page while logged in to Twitter. F-Secure's blog reports that the latest generation was apparently launched from a freshly registered account "cleaningUpMikey".

If infected, a user needs to edit their profile to remove the exploit. Disabling JavaScript can prevent the problem, but does reduce the functionality of other sites. Firefox users can install NoScriptto control which sites can execute JavaScript and ensure that www.stalkdaily.com is not allowed to do so. To avoid infection, the advice for users is to use a third party client to access Twitter and not to view user profiles through a web browser. The latter part is somewhat harder as shortened URLs, common on Twitter, obfuscate the actual URL.

Twitter administrators have responded saying they were taking actionto block the latest generation of the worm, and The H notes that as of writing, new Mikeyy infected messages seem to be falling off, being replaced with tweets about the worm.

Return to Home
Copyright © 2019 pbnetworks. All Rights Reserved. ip information