Twitter Worm: A Closer Look at What Happened

twitter worm how it happened
It looks like Twitter's website has been scrubbed clean after several bouts of the "Mikeyy" or "StalkDaily" worm plagued the service. Even though the threat seems to have passed, questions remain about just how serious this attack was and if there will be any repercussions for the worm's creator.

Worm Attacks Bird

Early on Saturday, April 11, the Mikeyy worm started to spread via Twitter posts by encouraging you to click on a link to a rival microblogging service StalkDaily.com. As soon as you clicked on the link your account would be infected and begin to send out similar messages encouraging your followers to visit StalkDaily. Then your followers would become infected and the worm's infection rate would grow. You could also catch the worm by viewing infected profiles on Twitter.com.


Twitter fell victim to about four different Mikeyy worm attacks, but now seems to be worm-free, according to the BBC. The security firm F-Secure tracked one particularly crafty version of the worm: users would receive a message telling them how to remove Mikeyy and would be encouraged to click on a URL shortened using the bit.ly service. The bit.ly address would then redirect users to a Twitter profile named "reberbrerber," where users would be automatically infected. Since this variant of the worm used bit.ly to redirect traffic, F-Secure was able to track the worm. According to the company, the bit.ly variant of the worm mostly affected users in the United States and was clicked on well over 18,000 times.

Mikeyy was authored by Michael Mooney, the 17-year-old creator of StalkDaily.

Attack flirted with distaster

By malware standards the Mikeyy worm was relatively benign since it only directed users to a rival site. However, F-Secure's chief research officer, Mikko H. Hypponen, told the BBC the attack could have been much worse. Hypponen says it would have been a simple trick for malware authors to modify the worm to infect a user's computer, where more serious offenses like identity theft could have occurred.

Even more worrying is the fact that this worm used a well-known exploit and has infected other social networks in the past. According to Twitter's blog, Mikeyy was similar to the Samy worm that infected MySpace in 2007.


Aftermath

While it seems that Twitter has stomped out the Mikeyy worm, it is unclear whether Twitter is still vulnerable to this kind of attack. Twitter says it is conducting "a full review of the weekend activities," and that "everything from how it happened, how [it] reacted, and preventative measures will be covered." However, Twitter has yet to say whether this type of attack can happen again or why such a common exploit was left vulnerable in the first place?

The fate of Mooney, however, seems a little less ambiguous. Referring to the 2007 Samy worm, Twitter notes that "MySpace filed a lawsuit against the virus creator which resulted in a felony charge and sentencing." Twitter then goes on to say that it "takes security very seriously" and "will be following up on all fronts." So much for Mikeyy and perhaps even Mikey.

Subscribe to the Security Watch Newsletter

Comments