Yesterday the popular microblogging site Twitter was attacked by a worm called StalkDaily. The worm auto-tweets this message: “Hey everyone, join StalkDaily.com. It’s a site like Twitter but with pictures, videos and so much more.” At worst, it may lock you out of your Twitter account.
Some early comments indicate that this is an XSS attack on Twitter. Others note that the attack may have started after one of Twitter’s many third-party applications took the login credentials entered by Twitter users and hijacked their accounts.
Soon after the attack, Twitter’s Spam account issued an update stating that it is aware of StalkDaily and is working to shut it down. It recommends doing a password reset if you’re locked out of your account, as Twitter may have reset your password for safety reasons.
Meanwhile, the creator of the StalkDaily worm, a 17-year-old, has claimed responsibility for the Twitter worm. Here is how he described the worm:
“I am the person who coded the XSS which then acted as a worm when it auto-updated a user’s profile and status, which then infected other users who viewed their profile. I did this out of boredom, to be honest. I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website.”