After a weekend that saw three XSS attacks on Twitter, apparently all originating from the same hacker, Twitter users are now seeing yet another variation of the script.
F-Secure warned yesterday that:
This is not over. There's going to be quite a few modified Twitter worms for a day or two. Be careful in Twitter, don't view profiles, don't follow links. It's beautiful outside, maybe go for a walk instead?
In one minute, as I have been writing this, over 1,500 Mikeyy-generated tweets have been made on Twitter.
Unfortunately, these tweets are again fooling Twitter users into thinking they are genuine messages from those they follow, and a very large number of re-tweets are occurring.
Do any of these look familiar? If they are appearing on your own profile then your account is infected!
This is a cross-site scripting attack, folks - don't RT the fake messages!
For more information about the Mikeyy script and how to clean it out of your profile if your account gets infected, see my post here: "Second Twitter XSS Attack in 24 Hours"
For information on how to protect your Twitter account from this worm, please read "StalkDaily Twitter XSS - Lessons Learned".
If you see tweets saying this is over and it's safe to visit profiles again, don't believe them until you have checked the Twitter status page for confirmation that Twitter is clean of infection.
Even then, it would pay to wait 24 hours to be confident that this is all over. Twitter has reported that the source of the XSS injections has been cleaned - twice now - and clearly it has not yet found all sources. Stay vigilant!
{ 11 comments }
Please RT. Mikeyy Twitter XSS Mutates Continues to Attack http://tinyurl.com/c5r9yf
@JosemariGC Dude, take a look at this http://tinyurl.com/c5r9yf and at this http://tinyurl.com/ctmqcw
you guys hear about the twitter attacks? http://tinyurl.com/c5r9yf
Do's and Don'ts: Twitter worm latest. A must read http://is.gd/s7yP
Mikeyy Twitter XSS Mutates Continues to Attack: http://tinyurl.com/c5r9yf
Twitter worm?? http://tinyurl.com/c5r9yf
Twitter worm?? http://tinyurl.com/c5r9yf
Check this out..
http://tinyurl.com/c5r9yf
So, is this 17 year old going to be CHARGED WITH ANYTHING? Maybe have his computers confiscated in the investigation?
I haven't seen any mention of arrests or anything like that, and this kid seems to be bragging about it.
I hope so. This is not the first hack this guy is responsible for - doubt it will be his last.
Twitter has said that, "The worm introduced to Twitter this weekend was similar to the famous Samy worm which spread across the popular MySpace social-networking site a while back. At that time, MySpace filed a lawsuit against the virus creator which resulted in a felony charge and sentencing. Twitter takes security very seriously and we will be following up on all fronts."
Twitter Blog - Wily Weekend Worms
Are you people serious? He's just a kid who is having fun with experimentation. This so-called "worm" is not causing any real damage.