Twitter cleans up after weekend worm attacks
Twitter security engineers were cleaning up on Monday following a series of worm attacks over the weekend, including at least two credited to a bored 17-year-old.
In the first attack, which began early on Saturday, four new accounts began spreading a worm, compromising about 90 accounts, Twitter co-founder Biz Stone wrote in a posting on the Twitter blog.
The worms appeared to do no damage other than spreading to infected users’ followers and modifying profile pages. A user could get infected just by clicking on the name or image of someone whose account was already infected.
Later that afternoon, about 100 accounts were compromised in a second wave, followed by another wave on Sunday morning, he wrote. Nearly 10,000 tweets that could have spread the worm were deleted, according to Stone.
Late on Sunday and into Monday morning, Twitter fended off another attack, he said. “Once again, we secured the compromised accounts and deleted any material that would further propagate the worm,” he wrote. Stone declined an interview request from CNET News, saying he didn’t have time.
The worms exploit a common vulnerability in Web applications called cross-site scripting (XSS), which allows an attacker to inject code into Web pages that other users are viewing.
In this instance, Twitter users who clicked on the name or image of anyone sending the worm messages would get infected and then send the message on to all that person’s followers. Anyone viewing an infected user’s profile would also get infected and pass the worm on.
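The propagation path described above is a stored XSS in profile fields: whatever an infected account saved into its name, image or bio was rendered unescaped into the profile page of everyone who viewed it. The following is an added example, not Twitter’s code, showing the difference between a profile renderer that interpolates those fields raw and one that encodes them for their HTML context; the field names, the placeholder avatar path and the sample profile are constructed for illustration.

```javascript
// Added example (not from the original article or Twitter): rendering an
// untrusted user profile. Field names name/imageUrl/bio are assumed.

// Encode a string for the HTML text and double-quoted attribute contexts.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// An image URL is an attribute, but also a navigable target: restrict the
// scheme to http(s) so values like javascript: never reach the src attribute.
// Non-absolute or unparsable values fall back to a placeholder (assumed path).
function safeImageUrl(url) {
  try {
    const u = new URL(String(url));
    if (u.protocol === "https:" || u.protocol === "http:") return escapeHtml(u.href);
  } catch (e) {
    // not an absolute URL; fall through to the placeholder
  }
  return "/static/default-avatar.png";
}

// Vulnerable: profile fields are interpolated into markup verbatim, so a
// script stored in any of them runs for every viewer of the page.
function renderProfileUnsafe(p) {
  return `<div class="profile"><img src="${p.imageUrl}"><h2>${p.name}</h2><p>${p.bio}</p></div>`;
}

// Hardened: each field is encoded for the context it lands in.
function renderProfileSafe(p) {
  return `<div class="profile"><img src="${safeImageUrl(p.imageUrl)}">` +
    `<h2>${escapeHtml(p.name)}</h2><p>${escapeHtml(p.bio)}</p></div>`;
}

// Constructed sample profile carrying markup in every field.
const constructedProfile = {
  name: "mallory <script>alert(1)</script>",
  imageUrl: "javascript:alert(1)",
  bio: '"><img src=x onerror=alert(1)>',
};

// Quick self-check: the unsafe output contains a live <script> tag, the safe one does not.
function demo() {
  const unsafe = renderProfileUnsafe(constructedProfile);
  const safe = renderProfileSafe(constructedProfile);
  return { unsafeHasScript: unsafe.includes("<script>"), safeHasScript: safe.includes("<script>") };
}
```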