Old 04-11-2009, 08:07 PM   #1
420
Twitter spam worm?

http://mashable.com/2009/04/11/stalkdaily-twitter

Quote:
While reports are still coming in and we’re trying to keep this lightweight enough for everyone to understand, here’s our draft summary of the steps taken by the attacker (please add info and explanations in the comments section and we’ll continue to update this). The attacker:

1. Realized that Twitter allows you to insert not just a URL in your “bio” section, but also a script (a quick glance at the source suggests that the javascript used is hidden in the color attribute and hosted at a site called mikeyylolzuuug dot com)

2. Created one or more Twitter profiles with malicious code in the bio sections, enticing Twitter users to visit the pages by following those users (one malicious account may have been called “gangsterboy”)

3. When the profile is visited, the script has a delay of approximately 3 seconds before requesting the Twitter cookie and username from your browser

4. These details are used to create an authentication token, allowing the script to execute any of the actions allowed through the Twitter API

5. The script sends out Tweets on the affected account

6. The script also inserts itself into the user’s Bio section, making their Twitter account a host.
My only question is which gif will mikey post?
Old 04-11-2009, 08:12 PM   #2
Angry Jew Cat - Banned for Life
genius....
Old 04-11-2009, 08:20 PM   #3
SmokeyTheBear
youtube had the almost exact same problem a year or 2 ago
Old 04-11-2009, 08:47 PM   #4
Angry Jew Cat - Banned for Life
maybe a couple months back myspace videos had a similar javascript exploit where any javascript could be executed through one of the input fields. they were pretty quick to get it cleared up though...
Old 04-12-2009, 03:26 AM   #5
420
7 hours ago http://status.twitter.com reported worm removed and holes fixed.

Current trending topic:
Old 04-12-2009, 03:30 AM   #6
seeandsee
bump for gif
Old 04-12-2009, 03:35 AM   #7
d-null
Old 04-12-2009, 03:38 AM   #8
halfpint
I had a similar problem with WPMU and Buddy Press. If the admin added more user profile fields than what was written into the original core, anybody that had signed up could add any code they wanted and it wasn't filtered out. Buddy Press have now fixed it.
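Added example, not part of the thread and not Twitter's or BuddyPress's code: the write-up quoted in post #1 and the profile-field problem in post #8 both describe user-supplied profile values reaching the page unfiltered. The sketch below puts a renderer that concatenates stored fields next to one that validates each field and encodes it on output; every function and field name is hypothetical and the sample input is constructed.

```javascript
// Hypothetical profile renderer for illustration only.
const HEX_COLOR = /^#?[0-9a-fA-F]{6}$/; // allowlist for the colour field

// Encode the characters that can end a text node or a quoted attribute.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Validate on input: fall back to a default instead of "cleaning" a bad colour.
function normalizeColor(value, fallback = '#0000ff') {
  const v = String(value).trim();
  if (!HEX_COLOR.test(v)) return fallback;
  return (v.startsWith('#') ? v : '#' + v).toLowerCase();
}

// Only absolute http(s) URLs are accepted for the profile link.
function normalizeUrl(value) {
  try {
    const u = new URL(String(value).trim());
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : null;
  } catch {
    return null; // not parseable as an absolute URL
  }
}

// Weak version: stored fields are concatenated into markup unchanged.
function renderProfileUnsafe(p) {
  return `<div class="bio" style="color:${p.color}">${p.bio}</div><a href="${p.url}">web</a>`;
}

// Hardened version: check each field's type, then encode for the HTML context.
function renderProfileSafe(p) {
  const color = normalizeColor(p.color);
  const url = normalizeUrl(p.url);
  const link = url ? `<a href="${escapeHtml(url)}" rel="nofollow">web</a>` : '';
  return `<div class="bio" style="color:${color}">${escapeHtml(p.bio)}</div>${link}`;
}

// Constructed sample input: markup placed in fields that should hold plain values.
const sample = {
  color: '0000ff"><script src="//example.invalid/x.js"></script>',
  bio: 'hello <script>void 0</script>',
  url: 'javascript:void(0)',
};
```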