The day after messages about StalkDaily swamped the feeds of Twitter users via a cross-site scripting attack, we are seeing another assault on the micro-blogging network – apparently inspired by the suspected author of the previous attack.
Thousands of duplicate messages have been posted on the site without the knowledge of account owners, all mentioning “Mikeyy” – a reference to Mikeyy Mooney, the 17-year-old who was reported as having admitted being responsible for the StalkDaily attack.
Messages include:
Man, Twitter can't fix shit. Mikeyy owns. :)
Dude! Mikeyy! Seriously? Haha. ;)
Dude, Mikeyy is the shit! :)
damn mikeyy. haha.
Twitter should really fix this...
Mikeyy I am done...
MikeyyMikeyy is done..
Twitter please fix this, regards Mikeyy
Wow...Mikeyy.
Like StalkDaily, Mikeyy is another Twitter cross-site scripting worm. If you visit the profiles of some of the people posting these messages (obviously, this is not recommended) you will find suspicious content inside the CSS style sheet information.
Embedded script tags inside those webpages attempt to load a remote script from a third-party website. The script is highly obfuscated, but essentially it performs the cross-site scripting (XSS) attack and adds the malicious script tags to the brand new victim’s profile.
Like StalkDaily it also tries to add script tags loading content from a webpage on uuuq.com, but as before this has now been suspended due to a violation of the terms of service.
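To show why script tags can end up inside a profile's style sheet information, here is an added example (not code from this post or from Twitter) that renders a user-supplied style value without validation, next to a hardened form and a clean-up check. The `backgroundColor` field, the function names and the sample profiles are assumptions made for illustration.

```javascript
// Added example, not code from the original post. The field name
// "backgroundColor" and the sample profiles are assumptions.
const HEX_COLOR = /^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/;

// Constructed sample data: one stored value carries markup instead of a colour.
const SAMPLE_PROFILES = [
  { user: "alice", backgroundColor: "#9AE4E8" },
  { user: "bob", backgroundColor: '</style><script src="https://example.invalid/x.js"></script><style>' },
  { user: "carol", backgroundColor: "fff" },
];

// Weak form: the stored value is concatenated into the page as-is, so a value
// that closes the style element is parsed by the browser as new markup.
function renderStyleUnsafe(backgroundColor) {
  return `<style>body { background-color: ${backgroundColor}; }</style>`;
}

// Hardened form: accept only a 3- or 6-digit hex colour; anything else
// is replaced by a fixed default rather than "cleaned".
function normalizeColor(value, fallback = "#ffffff") {
  const match = HEX_COLOR.exec(String(value).trim());
  return match ? `#${match[1].toLowerCase()}` : fallback;
}

function renderStyleSafe(backgroundColor) {
  return `<style>body { background-color: ${normalizeColor(backgroundColor)}; }</style>`;
}

// Clean-up check: list accounts whose stored value is not a plain colour,
// which is how already-affected profiles can be found and reset.
function auditProfiles(profiles) {
  return profiles
    .filter((p) => !HEX_COLOR.test(String(p.backgroundColor).trim()))
    .map((p) => p.user);
}

// True when rendered profile markup contains a script element.
function containsScriptTag(html) {
  return /<\s*script\b/i.test(html);
}

console.log("flagged accounts:", auditProfiles(SAMPLE_PROFILES));
```

Validating against an allowlist at both write time and render time matters here, because a worm of this kind spreads through values that are already stored.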
If you’re using Twitter today I would strongly recommend that you run a browsing solution which can help you defend against cross-site scripting attacks. For instance, the free NoScript plugin can be used with Firefox to make life much harder for the cybercriminals.
Twitter is being put through the mangle at the moment – clearly a long hard look needs to be taken of how well it secures its users if it is going to survive its growing popularity amongst cybercriminals as well as the general public.