What on earth is going on at Twitter?
That’s the question that many people will be asking after the Easter break, following a wave of cross-site scripting worms that hit the micro-blogging site. After each attack Twitter said that it had resolved the problem, only for hackers to return hours later with another attack effectively rubbing Twitter’s nose in it.
The latest cross-site scripting worm we’ve seen on Twitter urges the website to hire Mikeyy Mooney, the suspected author of at least the earlier attacks and give a phone number. Journalists who have spoken to 17-year-old Mooney have confirmed to Sophos that the phone number used in the latest worm messages is genuine.
We’ve chosen to obscure the phone number, although it is trivial for anyone to discover it if they search on the Twitter site for archived messages. If Mooney is responsible for the worms that have troubled Twitter and its many users today then the correct course of action is for the authorities to investigate – not for the internet community to take the law into its own hands.
Of course, it’s understandable that some may feel very aggrieved by a worm messing with their Twitter profile settings but it’s up to Twitter to decide if it wants to make a complaint to the police.
But the worm suggesting that Mikeyy could help Twitter out with its security problems wasn’t the end of it.
Yet another cross-site scripting worm hit Twitter, pretending to be a link to removal instructions for the earlier attacks. Unfortunately, if you clicked on the bit.ly link you were redirected to an infected Twitter profile page, which – yes, you guessed it – would infect your profile too and continue the spread of the worm.
What’s most alarming to me though is that it seems Twitter was caught with its pants down in the aftermath of all of these attacks. To be hit by one cross-site scripting worm may be regarded as a misfortune, to be struck three or four times over a weekend looks like carelessness.
