More Mikeyy worm madness on Twitter

More Mikeyy worm madness on Twitter

What on earth is going on at Twitter?

That’s the question that many people will be asking after the Easter break, following a wave of cross-site scripting worms that hit the micro-blogging site. After each attack Twitter said that it had resolved the problem, only for hackers to return hours later with another attack effectively rubbing Twitter’s nose in it.

The latest cross-site scripting worm we’ve seen on Twitter urges the website to hire Mikeyy Mooney, the suspected author of at least the earlier attacks and give a phone number. Journalists who have spoken to 17-year-old Mooney have confirmed to Sophos that the phone number used in the latest worm messages is genuine.

Twitter hire Mikeyy!

We’ve chosen to obscure the phone number, although it is trivial for anyone to discover it if they search on the Twitter site for archived messages. If Mooney is responsible for the worms that have troubled Twitter and its many users today then the correct course of action is for the authorities to investigate – not for the internet community to take the law into its own hands.

Sign up to our free newsletter.
Security news, advice, and tips.

Of course, it’s understandable that some may feel very aggrieved by a worm messing with their Twitter profile settings but it’s up to Twitter to decide if it wants to make a complaint to the police.

But the worm suggesting that Mikeyy could help Twitter out with its security problems wasn’t the end of it.

How NOT to remove Mikeyy

Yet another cross-site scripting worm hit Twitter, pretending to be a link to removal instructions for the earlier attacks. Unfortunately, if you clicked on the link you were redirected to an infected Twitter profile page, which – yes, you guessed it – would infect your profile too and continue the spread of the worm.

What’s most alarming to me though is that it seems Twitter was caught with its pants down in the aftermath of all of these attacks. To be hit by one cross-site scripting worm may be regarded as a misfortune, to be struck three or four times over a weekend looks like carelessness.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.