Twitter wrestles with fourth worm attack
Hints that it will take legal action against hackers
Computerworld - Another worm attack early Monday on Twitter kept the microblogging Web service chasing down infected accounts and deleting rogue tweets.
"Late Sunday night and into the wee hours of Monday we fought off a fourth attack," said Biz Stone, co-founder of Twitter, in an update to a blog post he originally published Sunday. "Once again, we secured the compromised accounts and deleted any material that would further propagate the worm."
The newest attack -- which followed a pair of worms Saturday and a third Sunday -- originated from a just-registered account labeled "cleaningUpMikey," said F-Secure Corp.'s chief research officer, Mikko Hypponen. Today's copycat worm infected account profiles of people who clicked on the sender's name or image in tweets like, "How TO remove new Mikeyy worm! RT!! http://bit.ly/yCL1S."
"A message like this is particularly nasty, as there were plenty of re-tweets of this malicious message sent by genuine users," Hypponen said in a blog post just minutes after Monday's attack began. "The bit.ly link got redirected back to Twitter, to user reberbrerber's profile & which would infect Twitter users who viewed it."
Twitter has since deleted the cleaningUpMikey account and the tweets it and other infected accounts spawned.
Also on Monday, Twitter again emphasized that while the worm attacks have been a nuisance, they haven't stolen any user account information. "No passwords, phone numbers, or other sensitive information were compromised as part of this renewed attack," the service's status page said early this morning.
Twitter has not responded to questions posed Sunday about the attacks, specifically about whether it had, or would, contact law enforcement officials. According to some reports, and his own Web site, teenager Michael "Mikeyy" Mooney took responsibility for the worms that circulated on Twitter over the weekend.
In his updated blog today, Stone hinted that the company would take legal action against the worms' creators. "The worm introduced to Twitter this weekend was similar to the famous Samy worm, which spread across the popular MySpace social-networking site a while back," Stone wrote. "At that time, MySpace filed a lawsuit against the virus creator, which resulted in a felony charge and sentencing. Twitter takes security very seriously and we will be following up on all fronts."
MySpace sued, and in January 2007 Kamkar pleaded guilty to a single felony count. He was sentenced to three years probation and 90 days of community service.
- Twitter's slipping user growth spooks investors
- Get ready to tweet your questions for Twitter's first earnings call
- Super Bowl sets Twitter record, as Volkswagen launches social war room
- Perspective: Twitter's success opens up IPO pipeline
- Update: Twitter goes public at $45 a share
- With IPO cash influx, Twitter could be bigger threat to Facebook
- Ahead of IPO, Twitter shines up multimedia image
- Twitter kicks off pre-IPO investor roadshow
- As its IPO looms, Twitter faces investor grilling
- Twitter experiments with 'Event Parrot' -- a news delivery service
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts