Twitter Hit With Four Worms Over Weekend

Just when you thought it was safe to tweet again, another Twitter worm has reared its ugly head. In case you were busy hunting for Easter eggs or biting the heads off chocolate bunnies this weekend, and didn't have a chance to tweet or read other folks' tweets on Twitter, the micro-blogging social-networking site was hit with no less than four different worms over the course of the last 48 hours or so.

It all started at 2 A.M. PDT on Saturday when four-newly created accounts started spreading a worm that takes advantage of a cross-site scripting vulnerability. The worm was quickly dubbed the "" worm, because once infected, a Twitter account automatically would tweet a message promoting the Website. Simply visiting the Twitter profile page of an infected Twitter account with a Web browser with JavaScript enabled was enough to spread the infection. Blogger, Damon Cortesi examined the infected profiles and discovered that the worm hid its code in a Twitter profile's URL field.

The Twitter techs responded, and by 11 A.M. PDT on Saturday morning, they had things under control. Twitter reports that about only 90 accounts were affected. A few hours later, a second version of the worm started to make its appearance, and this time about 100 accounts were infected before the Twitter techs could nip it in the bud. This iteration took advantage of a different field in the Twitter profiles.

All seemed fine until a third variant of the worm starting making the rounds on Sunday morning; this time the worm was dubbed "mikeyy" because the infected tweet included a message from someone identifying himself as "mikeyy." Once again, the Twitter techs went to work and eventually wrestled the worm into submission: "All told, we identified and deleted almost 10,000 tweets that could have continued to spread the worm."

Of course, the onslaught was far from over: A fourth iteration of the worm started making its rounds this morning. The Twitter response team is again addressing the issue. Infected accounts are tweeting the message: "This worm is getting out of hand Twitter. - Mikeyy."

As to who is behind the worm, CNET News reports that a Brooklyn teenager, Michael "Mikeyy" Mooney, is the culprit--at least for the first two worms. Mooney created a micro-blogging site similar to Twitter, and used the Twitter worms as a way to promote his site. It is unclear at this point if Mooney is also responsible for the third and fourth variants, or if someone else used Mooney's techniques to exploit furhter vulnerabilities. At press time, the site is down and only displays a short message that says: "StalkDaily is currently undergoing redevelopment. Stay tuned guys. :) Regards, Mikeyy."

On the Twitter blog, Twitter claims that "no passwords, phone numbers, or other sensitive information was compromised as part of these attacks." The blog also states:

"The worm introduced to Twitter this weekend was similar to the famous Samy worm which spread across the popular MySpace social-networking site a while back. At that time, MySpace filed a lawsuit against the virus creator which resulted in a felony charge and sentencing. Twitter takes security very seriously and we will be following up on all fronts."

There is no word yet on whether Twitter will pursue legal action against Mooney. In the meantime, the best way for Twitter users to avoid getting infected with one of these Twitter worms, is to use a third-party Twitter app, such as Twhirl or TweetDeck. If you must use a Web browser to access Twitter, you should consider disabling JavaScript or using Firefox with the NoScript add-on.