Twitter worm has Twitterers aflutter and in reTweet

13 Apr 2009

A Twitter worm is on the loose, infecting profiles, and has Twitterers all aflutter, trying to figure out how to make it stop.

The worm – known as Milkeyy – sent automatically generated tweets, or messages, urging users to visit a site called Users are urged not to click on the URL.

But the real problem is profiles can get infected by just looking at a corrupt profile. It propagates even if users do not click on a URL or take any other action.

It is understood that the worm exploits a cross-site scripting vulnerability (XSS) that changes the hyperlink on the profile and uses JavaScript to propagate and send out further tweets to unsuspecting Twitter users.

In a blog post, Twitter said it has taken steps to remove the vulnerability.

“Earlier today, we were informed of a malicious site that was spreading links to on Twitter without user consent via a cross-site scripting vulnerability. We’ve taken steps to remove the offending updates, and to close the holes that allowed this ‘worm’ to spread.

“No passwords, phone numbers, or other sensitive information were compromised as part of this attack,” Twitter stated.

However, from user tweets observed this morning, the worm is still spreading, and users are urging one another to use browser tools such as Tweetdeck, rather than the Twitter homepage to avoid infection.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years