Twitter spam worm?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • 420
    cuck
    • Mar 2003
    • 11571

    #1

    Twitter spam worm?

    http://mashable.com/2009/04/11/stalkdaily-twitter

    While reports are still coming in and we’re trying to keep this lightweight enough for everyone to understand, here’s our draft summary of the steps taken by the attacker (please add info and explanations in the comments section and we’ll continue to update this). The attacker:

    1. Realized that Twitter allows you to insert not just a URL in your “bio” section, but also a script (a quick glance at the source suggests that the javascript used is hidden in the color attribute and hosted at a site called mikeyylolzuuug dot com)

    2. Created one or more Twitter profiles with malicious code in the bio sections, enticing Twitter users to visit the pages by following those users (one malicious account may have been called “gangsterboy”)

    3. When the profile is visited, the script has a delay of approximately 3 seconds before requesting the Twitter cookie and username from your browser

    4. These details are used to create an authentication token, allowing the script to execute any of the actions allowed through the Twitter API

    5. The script sends out Tweets on the affected account

    6. The script also inserts the itself into the user’s Bio section, making their Twitter account a host.
    My only question is which gif will mikey post?
    <!--BEGIN SIMUTRONICS PLAY BUTTON CODE -->
    <p align="center">

    <a href="http://buddy.play.net/dr?TMOREAU1">

    <img src="drplay.gif" width="128" height="64" alt="Play DragonRealms!"></a></p>

    <!--END SIMUTRONICS PLAY BUTTON CODE -->
  • Angry Jew Cat - Banned for Life
    (felis madjewicus)
    • Jul 2006
    • 20368

    #2
    genious....

    Comment

    • SmokeyTheBear
      ►SouthOfHeaven
      • Jun 2004
      • 28609

      #3
      youtube had the almost exact same problem a year or 2 ago
      hatisblack at yahoo.com

      Comment

      • Angry Jew Cat - Banned for Life
        (felis madjewicus)
        • Jul 2006
        • 20368

        #4
        maybe a couple months back myspace videos had a similiar javascript exploit where any javascript uld be executed through one of the input fields. they were pretty quick to get it cleared up though...

        Comment

        • 420
          cuck
          • Mar 2003
          • 11571

          #5
          7 hours ago http://status.twitter.com reported worm removed and holes fixed.

          Current trending topic:
          <!--BEGIN SIMUTRONICS PLAY BUTTON CODE -->
          <p align="center">

          <a href="http://buddy.play.net/dr?TMOREAU1">

          <img src="drplay.gif" width="128" height="64" alt="Play DragonRealms!"></a></p>

          <!--END SIMUTRONICS PLAY BUTTON CODE -->

          Comment

          • seeandsee
            Check SIG!
            • Mar 2006
            • 50945

            #6
            bump for gif
            BUY MY SIG - 50$/Year

            Contact here

            Comment

            • d-null
              . . .
              • Apr 2007
              • 13724

              #7

              __________________

              Looking for a custom TUBE SCRIPT that supports massive traffic, load balancing, billing support, and h264 encoding? Hit up Konrad!
              Looking for designs for your websites or custom tubesite design? Hit up Zuzana Designs
              Check out the #1 WordPress SEO Plugin: CyberSEO Suite

              Comment

              • halfpint
                GFY's Halfpint
                • Jun 2007
                • 15223

                #8
                I had a similar problem with WPMU and Buddy Press. If the admin added more user profile fields than what was written into the original core. Anybody that had signed up could add any code they wanted and it wasent filtered out. Buddy Press have now fixed it

                Get FREE website listings on Cryptocoinshops.net

                Comment

                Working...