I think I'll stay off Twitter for this weekend. Hope they finish the fix soon!
Sarah
· 8 months ago
This is seriously annoying me now :|
Teddi
· 8 months ago
Wow, some people have too much time on their hands. That is just crazy. Luckily it is not malicious. I have not gotten it... yet. Thanks for sharing.
Facebook User
· 8 months ago
First worm was ok but second one in two days!
@seanyoughal
Joe Dawson
· 8 months ago
This reminds me of the frequent MySpace exploits I used to experience when I was a user there!
bunnyhero
· 8 months ago
according to a WHOIS on stalkdaily's IP address, stalkdaily.com appears to be hosted at fastservers.net. i have sent an email to their abuse team, fwiw.
mashable
· 8 months ago
The script itself was hosted at a site called mikeyylollz dot uuuq dot com, which does appear to have been shut down by its host, Zymic.
StalkDaily isn't really part of the attack, except from the creator's claim that he owns that site.
David Jackmanson
· 8 months ago
What do you mean stalkdaily isn't part of the attack? There is a message on the front page of Stalkdaily where the site admin - presumably mikeyy - openly admits he was the person behind the attacks and links to the BNO article where mikeyy claims responsibility. Mikeyy has been caught doing this before on stickam as well and received cease and desist letters - see here for evidence http://sqworl.com/?i=a11951
Mikeyy also has an account on stalkdaily where he replies to people asking him if he had anything to do with the attack - before admitting to it, he lied and said he had nothing to do with it.
mashable
· 8 months ago
David,
StalkDaily does not host the malicious code. Perhaps the means of marketing used (Twitter spamming the URL) in the last attack does violate that host's policies, but taking down StalkDaily would have no effect on this attack since StalkDaily is not involved in a purely technical sense.
David Jackmanson
· 8 months ago
In a technical sense, yes. But since the whole point of the first attack was to spam the stalkdaily site, taking it down - once there is absolutely certain confirmation that the same guy is behind both the attacks and the stalkdaily site - would ensure that he gets no benefit out of his illegal and annoying actions.
what about the post on stalkdaily's home page that claims responsibility? i'm confused.
Bob Baty-Barr
· 8 months ago
can't they just validate the color input fields for hex length? that should close the hole at least temporarily???
Television SPY
· 8 months ago
all it takes is some simple cleansing of input.
QeF
· 8 months ago
I had the attack onedegres three hours ago ...
DeGoon
· 8 months ago
I didn't see many mikeyy tweets in the last 2 hours. The peak was some 5 hours ago. So I suppose the Twitters guys found a way to eradicate this little beast...
@Sensonize
· 8 months ago
I did post a solution here: http://itwit.in/blockmikeyy/ Kindly add it Pete if possible. You can also block the 2 URLS in your router :)
Cheers!
Teejay0109
· 8 months ago
I have seen this mikey guy around but cant remember where but thanks for being here to correct and guide us :)
tj
dacort
· 8 months ago
This script is hosted over at bambamyo.110mb.com - there are various levels of obfuscation, but it's essentially the same script.
Kent Beatty
· 8 months ago
@ev, @biz, @jack - I would like to offer my services to help harden twitter.com to prevent future occurences such as has transpired this weekend. We need to eliminate any vulnerabilities in twitter while maintaining fuctionality.
I was too late in realising this. Anyway thanks for the info. Fixed it. Hey is its me who is on the fist in your list :)
GreenGordon
· 8 months ago
Isn't this a pretty serious crime?
JY
· 8 months ago
thanks pete for the tip on the mikeyy worm, check out this link on justaskgemalto, it has tips and great basic information on the different viruses and worms out there.
Guest
· 8 months ago
I had been catching up with follow-backs today, so was looking at profiles. I did not get the worm, but wanted to take precautions. So I did as one of the commenter's suggested, and went into Firefox and turned off cookies and javascript. Either I read what they said wrong, or I did the wrong thing - anyway - the result was that I could not login to Twitter, I got a 403 error: server understads your request: but is unable to execute request. I had stepped away from the computer to do something else in the interim, then wondered why it was not working. Finally remembered that I had made those two changes. I went back into Firefox tools/options menus and turned them back on; everything is fine now. Feeling foolish, but glad it was not some strange version of the worm
Visalittleboy
· 8 months ago
Hello, Thanks for the news!
Visalittleboy
oetum
· 8 months ago
Thanks for the heads up, off to look at Seesmic etc.
Enk.
· 7 months ago
Looks like #Mikeyy is back, with new annoying tweet messages. I can see my TweetDeck window Flood. Today a new cool one was "RT!! 4th gen #Mikeyy worm on the loose! Click here to protect yourself: http://tinyurl.com/cojc6s" is also by the script :D.
People, Kindly do not click shortened URL in the tweets for time being. :)
NDoubles
· 7 months ago
Now it's This is Twitters Fault ... or something of that nature...
Leon Bacud
· 7 months ago
I've found a way to determine if someone is infected with this. If you mouseover someone's name in the web timeline and the tooltip comes up with html code, the profile that person's name belongs to is likely infected.
Erika Fletcher
· 7 months ago
Update: Apparently TweetDeck users can get infected via the app.
K N Ajit Narayan
· 7 months ago
Yes, one of my Twitter accounts also got affected. I noticed that my user name and more info line had changed and I had to correct the problem. Wrote a blog post on it too- http://twittergoogle.wordpress.com/2009/04/13/m...
Jim Connolly
· 7 months ago
Props to Pete and the crew at mashable for getting on this so quickly, and with some reassuring advice.
Nice work guys,
TheTechNewsBlog
Adarsh Pallian
· 7 months ago
Blog post on how to protect yourself in case you were effected by the Mikeyy worm: http://www.pallian.com
I hesitate to make comment on this 'cause the less limelight we give the little git, hopefully the sooner he will go away and rethink his life. ASIDE from costing me money with this juvenile nonsense - it is Friday night and now I can't listen to 'MusicTillMyEarsBleed' and that is REALLY annoying. Minor irritation in the grand scheme of things. Nae worries Mikey.
Suburbia_Steph
· 7 months ago
Ugh! This happened to me today after I clicked on new profile following me called ana54321
misty_moons
· 7 months ago
Happened to me too, and I had the same follower, and about 5 others as it happened. I deleted posts made (100's of them) disabled Java, cleared cookies, temp files, history, and blocked those that followed me at the time of event. My followers have stopped following as they think I am a risk. (Well, a few, not all) 54321ana was the one I remembered, thought it was an odd kind of name. I didn't open the emails from twitter either re; new followers.
I did go and look at it spreading to over 100 people in 3 secs! If they all got 100plus posts made in their name, I am unsure of what anyone can actually do.
Jason Short
· 7 months ago
Lame, people will take anything and try to attack it. Why bother? Why not channel that energy into making something productive? Oh yes, because they are losers who prefer to tear things down rather than risk failure of their own ideas.
Best of luck to twitter - I hope they can find the guy and maybe return the favor to him
All Comments
Sachin
@seanyoughal
StalkDaily isn't really part of the attack, except from the creator's claim that he owns that site.
Mikeyy also has an account on stalkdaily where he replies to people asking him if he had anything to do with the attack - before admitting to it, he lied and said he had nothing to do with it.
StalkDaily does not host the malicious code. Perhaps the means of marketing used (Twitter spamming the URL) in the last attack does violate that host's policies, but taking down StalkDaily would have no effect on this attack since StalkDaily is not involved in a purely technical sense.
Cheers!
tj
Kent Beatty
http://kentbeatty.com
@kentbeatty
Good thing I am using tweetdeck.
Micheal
Thanks for the news!
Visalittleboy
Today a new cool one was "RT!! 4th gen #Mikeyy worm on the loose! Click here to protect yourself: http://tinyurl.com/cojc6s" is also by the script :D.
People, Kindly do not click shortened URL in the tweets for time being. :)
Nice work guys,
TheTechNewsBlog
I did go and look at it spreading to over 100 people in 3 secs! If they all got 100plus posts made in their name, I am unsure of what anyone can actually do.
Best of luck to twitter - I hope they can find the guy and maybe return the favor to him