Worm Infects Twitter Tweeters In Four Attacks
The worm, a computer program designed to propagate and infect users over a network, targeted the San Francisco-based Twitter site in a series of four attacks from Saturday morning until early Monday morning.
Twitter co-founder Biz Stone said in a company blog that the attackers initially created four accounts that rapidly spread the worm over the site early Saturday morning. Stone said that Twitter's security team was deployed later that morning to address the threat, which had compromised about 90 accounts by 11 a.m.
Twitter was hit with a second round of attacks Saturday afternoon that Stone said were "much more intense" and that raised the number of compromised accounts to about 100. The worm hit Twitter users yet again on Sunday, and then struck again early Monday morning.
Stone maintained, however, that the worm did not appear to acquire passwords, phone numbers or "other sensitive information" typically used in attacks for identity theft purposes.
Michael Mooney, 17-year-old creator of StalkDaily, from Brooklyn, N.Y., confessed to BNONews.com that he launched the worm Saturday morning in order to expose Twitter's weaknesses and gain publicity for his site.
"I did this out of boredom, to be honest," said Mooney, also known online as "Mikeyy." "I usually like to find vulnerabilities within Web sites and try not to cause too much damage, but start a worm or something and give the developers an insight on the problems and while doing so, promote myself or my Web site."
Mooney said that the worm stemmed from a cross-site scripting vulnerability, and that he coded it to propagate and act "like a worm" when it auto-updated users' profiles and statuses.
However, Stone maintained that security personnel finally secured the site following the last attack Monday morning. Altogether, Twitter security staff identified and deleted almost 10,000 messages, known as "tweets," that could have been used to spread the worm, he said.
"Once again, we secured the compromised accounts and deleted any material that would further propagate the worm," Stone said.
Social network sites Facebook and MySpace have had to deal with security threats such as worms, spam and other malware that have infected millions of users in multiple attacks. Stone said that the Twitter worm shared characteristics with the renowned Samy worm, which infected numerous MySpace accounts in 2005. Meanwhile, security experts say that Tweeters should expect similar attacks in the future as the microblogging site grows in popularity and gains market share.
Stone said that Twitter takes security "very seriously" and planned to conduct a comprehensive review of the problem in order to ascertain the cause of the attack and to evaluate both Twitter's response to it and its preventative measures.