|
Twitter spam worm?
http://mashable.com/2009/04/11/stalkdaily-twitter
Quote:
While reports are still coming in and we’re trying to keep this lightweight enough for everyone to understand, here’s our draft summary of the steps taken by the attacker (please add info and explanations in the comments section and we’ll continue to update this). The attacker:
1. Realized that Twitter allows you to insert not just a URL in your “bio” section, but also a script (a quick glance at the source suggests that the javascript used is hidden in the color attribute and hosted at a site called mikeyylolzuuug dot com)
2. Created one or more Twitter profiles with malicious code in the bio sections, enticing Twitter users to visit the pages by following those users (one malicious account may have been called “gangsterboy”)
3. When the profile is visited, the script has a delay of approximately 3 seconds before requesting the Twitter cookie and username from your browser
4. These details are used to create an authentication token, allowing the script to execute any of the actions allowed through the Twitter API
5. The script sends out Tweets on the affected account
6. The script also inserts the itself into the user’s Bio section, making their Twitter account a host.
|
My only question is which gif will mikey post?
__________________
<!--BEGIN SIMUTRONICS PLAY BUTTON CODE -->
<p align="center">
<a href="http://buddy.play.net/dr?TMOREAU1">
<img src="drplay.gif" width="128" height="64" alt="Play DragonRealms!"></a></p>
<!--END SIMUTRONICS PLAY BUTTON CODE -->
|