Mikeyy worm targets Oprah, New York Times and others

Mikeyy worm targets Oprah, New York Times and others

A new version of the Mikeyy cross-site scripting worm is spreading extremely rapidly across the Twitter micro-blogging network.

Messages posted by the worm include:

@oprah – sup? welcome to twitter. – mikeyy
@TheEllenShow – hey baby, love me long time? – mikeyy
@nytimes – yep, it’s true. – mikeyy
@StephenColbert – you funny. – mikeyy
@aplusk – hey, homo. – mikeyy
@souljaboytellem – your music sucks dude. – mikeyy

Mikeyy Oprah message

The worm appears to be deliberately referencing Twitter users with a very large number of followers (for instance, @aplusk is Hollywood actor Ashton Kutcher who has more than a million followers), presumably with the hope of spreading the infection more quickly.

Compromised accounts appear to have their profiles altered to reference Mikeyy:

Profile affected by new Mikeyy worm

My recommendation? If you are going to click on users’ profiles on Twitter right now make sure that your browser is fully patched and that you have scripting turned off using plugins like NoScript for Firefox.

If you suspect you have been affected, clean out your Twitter profile and settings of any content that you did not add yourself, and – although it may not be the case that it has been compromised – consider using a more secure password.

Ironically, this new version of the Mikeyy worm has emerged at the same time as controversy is raging over whether a firm was right to hire the notorious Mikeyy Mooney who admitted writing the original attacks.

Sign up to our free newsletter.
Security news, advice, and tips.

As I explained earlier today, one of the reasons why Mikeyy Mooney’s abuse of Twitter was so wrong was that it opened the door for other copy-cat attacks. At the moment it is not clear who is responsible for this latest outbreak.

Update: It also appears that the message

I work for exqSoft Solutions now – http://www.exqsoft.com/ – mikeyy

is spreading quickly. Other messages being posted by the worm include:

Twitter, you should be paying me now. – mikeyy
Twitter, do you know about the before_save model callback? – mikeyy
Twitter, BeforeSave: ForEach: DataArray: EscapeHtmlChars!!! – mikeyy
This exploit only affects Internet Explorer users. Thanks. – mikeyy

Please note that we have not verified that you can only be infected if you use Internet Explorer.

Be careful out there.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.