Weibo, China’s Twitter-like service, hit by worm

WeiboIts popularity dwarfs that of Twitter, but most people have probably never heard of the Sina Weibo micro-blogging site.

Weibo is huge in China, with over 140 million users merrily micro-blogging away, and following the latest updates from their favourite celebrities.

But all this popularity, of course, simply means that there’s an opportunity for more users to be hit by malware should one break out on the system.

Sina Weibo says that a worm broke out on their site at 8.20pm on Tuesday night, Beijing time, exploiting a cross-site scripting (XSS) vulnerability in the site to spread quickly.

Sign up to our free newsletter.
Security news, advice, and tips.

Fan BingbingAccording to online reports, the worm originated from a Weibo account called “@hellosamy” and worm forwarded itself to other users with a range of enticing subjects to catch out the unwary.

These ranged from claiming to be links to bloopers from a newly-released propaganda movie, nude pictures of popular actress Fan Bingbing, and phrases such as “Move a woman’s heart with 100 lines of poetry” and “Software to listen to other people’s phones.”

Clicking on any of the links meant that your own Weibo account would automatically repost the link, and send messages to your online friends. Some users reported having received thousands of affected messages.

Fortunately, Sina Weibo reports that they patched the vulnerability on the site in just over an hour – a good response, but still not quick enough to stop thousands of people from being put at risk. Sophos products detect the worm as JS/Weibosamy-A.

The fact that the worm originated from an account called “@hellosamy” certainly caused me to raise an eyebrow. It seems to me that this is an homage to the Samy worm (also known as JS/Spacehero-A) which spread rapidly across the MySpace network in 2005, infecting many users’ accounts via a cross-site scripting vulnerability.

This isn’t the first time, of course, that an Asian social network has been hit hard by malware. For instance, in 2009 Naked Security reported on a cross-site scripting worm which spread across RenRen posing as a video of Pink Floyd’s classic song “Wish you were here”.

As more and more people put their trust in social networks, the sites themselves have to adopt a mature attitude to security and ensure that users are not being unnecessarily exposed to attacks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.