Second Twitter worm infects user profiles (April 12, 2009)

Second Twitter worm infects user profiles; author says more to come

From the BNO Newsroom. Reporting by Michael van Poppel.

Brooklyn, NEW YORK (BNO NEWS) -- Some 24 hours after a worm spread advertising on Twitter, the popular social networking website, a second worm emerged on Sunday and its author said more could be on the way. Both worms were created by Mikeyy Mooney, a 17-year-old from Brooklyn, New York.

The first worm emerged on Saturday when Twitter profiles began posting messages which encouraged people to visit StalkDaily.com. The owner of the website, Mikeyy Mooney, told BNO News that he was responsible. "I am aware of the attack and yes I am behind this attack," he said. Mooney said he created the worm to "give the developers an insight on the problem and while doing so, promoting myself or my website."

Later that evening, Twitter said they had resolved the problem. "We've taken steps to remove the offending updates, and to close the holes that allowed this worm to spread," a statement read.

Hours later, a new worm which appeared to be similar to the first one, made its way into the Twitter community. Infected users spread messages such as "Mikeyy is done" and other Twitter users start doing the same if they are logged on to the site and visit an infected profile, which makes the worm unusual as no action is required to get infected. A review of the script by BNO News showed it is the same worm from Saturday, except for the fact that it is spreading a new message and is hosted on a different server. Mooney confirmed to BNO News that he is behind the two worms and said more could be on the way. "[It] seems they still haven't sanitized their input fields for the XSS," he said. It is currently unknown if he may face legal action.

Click here to read our earlier story in which Mooney described how the worm works and why he did it.

As Twitter said, and which Mooney confirmed, the worm is mostly harmless. No passwords or other sensitive information are stolen in the attack.

If you are infected, there is no cause for concern. Simply follow the 5 steps below to remove the worm from your account:

Go to www.twitter.com.
Log in to the infected account.
Go to "Settings" in the menu.
Under "Name", remove the text in the field (which has been edited by the worm).
Remove the text under "More info URL", which has also been edited by the worm.

When you completed those 5 steps, the worm is no longer active on your profile but you can get easily re-infected. For now, until the problem has been solved, BNO News recommends that you not visit any accusation Twitter profiles.

Stay with bnonews.com and "BreakingNews" on Twitter for the latest up-to-the-minute news updates.

###