Twitter Gets Slammed By the StalkDaily XSS Worm

CurtMonash writes "Twitter was hit Saturday by a worm that caused victims' accounts to tweet favorably about the StalkDaily website. Infection occurred when one went to the profile page of a compromised account, and was largely spread by the kind of follower spam more commonly used by multi-level marketers. Apparently the worm was an XSS attack, exploiting a vulnerability created in a recent Twitter update that introduced support for OAuth, and it was created by the 17-year-old owner of the StalkDaily website. More information can be found in the comment thread to a Network World post I put up detailing the attack, or in the post itself. By evening, Twitter claimed to have closed the security hole."

Re:Clearly he should be made to

[Anpheus]

Go and manually run anti virus software on every infected PC.

Not that kind of worm. It was purely a scripting attack involving javascript. No one's computers were harmed, only a bunch of twitter accounts. (Which can no doubt be fixed by patching the whole and some good SQL query to fix all the accounts in one go.)

Re:throw the scumbag in jail

[Teun]

Idiots like him are the reason viruses exist.

Stop right there! You are infringing on a Microsoft technology.

Re:Bit obvious

[timholman]

Cool exploit, but worm-spamming your own public site is a bit, um, not well thought out.

Especially when you read the Terms of Service on Mr. Mooney's own StalkDaily website, e.g.:

7. You must not modify, adapt or hack StalkDaily.com or modify another website so as to falsely imply that it is associated with StalkDaily.com.

8 You must not create or submit unwanted email to any StalkDaily members ("Spam").

9. You must not transmit any worms or viruses or any code of a destructive nature.

Talk about having a "Do as I say, not as I do" morality. At least it's refreshing to see that hypocrisy is not restricted to people over 30.