56 Comments
- inactive, on 04/12/2009, -13/+116
1. Delete your Twitter account
2. Do something productive
3. ???
4. Profit
- colonelxc, on 04/12/2009, -6/+35
In this case, there is no "???" step, you've already profited by doing something productive and deleting your twitter account.
- ichthys, on 04/12/2009, -0/+27
I CAN REMOVE THE BUG FOR YOU! Just send me your twitter login and password. 100% guaranteed results!
xD
- CheeseburgerBro, on 04/12/2009, -1/+25
Yes, you can now get cooties from Twitter. Yes, it was inevitable. No, the exploit has not created a Twitter botnet. Yes, it has been patched. No, 140 character should be enoug
- TheSpook, on 04/12/2009, -0/+22
You are still vulnerable to other worms, like ring or heartworm.
- decker12, on 04/12/2009, -2/+23
I don't understand how this spam service suddenly knows your twitter password? Anyone care to clue me in on how this spam actually works?
- binaryspiral, on 04/12/2009, -2/+21
it doesn't... you have to give it your password. It's a phishing site that more than enough idiots have fallen for.
The site's creator has already confessed, read it. Oh, and I actually went to the site because I'm pretty confident that my password is safe.
http://www.bnonews.com/news/242.html
- BuzzEdition, on 04/12/2009, -1/+16
We knew this was coming to Twitter eventually. I'm sure this is the first of many. =(
- inactive, on 09/13/2009, -2/+13
I am glad I was busy with other things today.
- Wade, on 04/12/2009, -0/+10
If you go to the website it points you to this site, and admits culpability for the worm: http://www.bnonews.com/news/242.html
If you don't want to visit stalkdaily or the 'news' site (which might also be a front for the worm), this is the gist of it:
"I am the person who coded the XSS which then acted as a worm when it auto updated a users profile and status, which then infected other users who viewed their profile. I did this out of boredom, to be honest. I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website." - Mikeyy Mooney
- briguymaine, on 04/12/2009, -1/+10
you are only vulnerable to having a life.
- Cl1mh4224rd, on 04/12/2009, -0/+9
Or, you know... just call and email your buddies, explain the situation, give up on Twitter, and save yourself $5...
- MtheoryX, on 04/12/2009, -0/+8
This should have been posted as a Yahoo! question.
- Digglet69, on 04/12/2009, -1/+9
Can we read about it on your twitter?
- buddamus, on 04/13/2009, -2/+10
Am I the only one that doesn't see the point in Twitter?
- crgnetworks, on 04/12/2009, -3/+11
You know, I thought blogging was the worst waste of time for people with unrealistic views of self importance... Then Twitter came along.
- crimsoncs, on 04/12/2009, -0/+7
It goes a little something like this:
1. He posted a tweet that bypassed twitter's filter that would request a javascript file anytime anyone viewed the post.
2. Since the javascript file was requested from twitter.com, it can make twitter requests from your logged in session. example: make a POST request to twitter that will update your profile with the same code that requests the javascript file.
3. Anyone that views your page with your updated profile will request the same javascript code and then their account's profile will be updated with the 'virus'
- Otto, on 04/12/2009, -0/+6
No, it was a cross-site-scripting bug. Meaning that as long as you were logged into twitter already in your browser (cookies and such), it would work. It didn't need your credentials.
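Added example, not part of the thread and not Twitter's code: the flaw described in the comments above is user-supplied profile text reaching the page as markup, so the defence sketched here encodes every profile field on output and allows only http(s) links. The function names and the sample profile are assumptions constructed for illustration.

```javascript
// Added example: output encoding for user-controlled profile fields.
// All names here are hypothetical; none come from the thread or from Twitter.

const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode text for an HTML body or a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only absolute http(s) URLs. Parsing normalises the value, so raw
// quotes and angle brackets in the path come back percent-encoded.
function safeProfileUrl(raw) {
  let url;
  try {
    url = new URL(String(raw).trim());
  } catch {
    return null; // not parseable as an absolute URL
  }
  return url.protocol === "http:" || url.protocol === "https:" ? url.href : null;
}

// Render a profile so that no field can introduce markup of its own.
function renderProfile(profile) {
  const href = safeProfileUrl(profile.url);
  const link = href
    ? `<a rel="nofollow noopener" href="${escapeHtml(href)}">${escapeHtml(href)}</a>`
    : "";
  return `<div class="profile"><h2>${escapeHtml(profile.name)}</h2>` +
    `<p>${escapeHtml(profile.bio)}</p>${link}</div>`;
}

// Constructed sample input: a profile whose fields try to pull in a script.
const hostileProfile = {
  name: "Mallory",
  bio: '<script src="//example.invalid/x.js"></script>',
  url: 'http://example.invalid/"><script src="//example.invalid/x.js"></script>',
};

console.log(renderProfile(hostileProfile));
```

The rendered profile shows the injected markup as inert text, and a `javascript:` link is dropped entirely instead of being emitted.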
- mattharvey716, on 04/12/2009, -0/+6
trying to resist going to stalk daily..
- Louis11, on 04/12/2009, -0/+5
It's an XSS (Cross Site Scripting) vulnerability. The basic idea behind said vulnerability is the ability to inject scripting/html into a page and have it execute as though it was part of that page. For instance, if a filter did not properly sanitize a search field, and you searched with "<script>alert(document.cookie)</script>" then when the page loaded it would create a javascript alert with your cookie data. If you were logged in, then you could essentially take this cookie and reinstate it on another computer and log in as the user who owned that cookie.
I believe the twitter worm worked in a similar fashion, except instead of manually reinstating the cookie they had some automated system to post the javascript code to other users' pages when they visited an infected page. Thereby spreading the worm in what we would consider a traditional manner.
- crimsoncs, on 04/12/2009, -1/+6
Oh, I forgot:
4. ????: Have the script change your twitter account's email and password. Send an email to you stating that if you ever want to see your precious twitter page again, paypal him $5
5. Profit
- Otto, on 04/12/2009, -0/+5
It wasn't a phishing attack. You didn't need to give it your password.
- mrshickadance9, on 04/12/2009, -2/+7
or you could go do something with your life instead of reading what other people are doing 24/7.
- StandardsDT, on 04/12/2009, -4/+9
Did you not read the article? It has nothing to do with a specific OS. Buried.
- mhollerb, on 04/12/2009, -1/+5
I think it would be pretty damn funny if that link directed people to the virus site.
- Louis11, on 04/12/2009, -0/+4
It's a cross site scripting issue. It has nothing to do with stealing your saved passwords . . .
- cyrusuncc, on 04/12/2009, -1/+4
My guess is that you would have had to log into twitter during that same session for it to do anything..
- inactive, on 04/13/2009, -0/+3
Use a toilet napkin when pooping in public
- humpsalot, on 04/13/2009, -0/+2
i'm gonna twitter about removing this virus
- crypulse, on 04/12/2009, -3/+5
Well you got one thing right. *bury*
- pilot3033, on 04/12/2009, -3/+5
using a desktop client like TweetDeck avoids the problem altogether. As does running firefox with noscript.
- Wade, on 04/12/2009, -4/+6
http://gist.github.com/93782
- TheSpook, on 04/12/2009, -1/+2
http://www.bnonews.com/news/242.html
I believe you have to give it your Twitter creds, and once it does that, it adds an XSS attack to your Twitter profile that propagates when people visit your Twitter page, which probably means it works with any modern GUI browser.
- pronouncable, on 04/12/2009, -2/+3
then?
- vptel, on 04/13/2009, -0/+1
lucky i don't twitter, i've twatted tho
- camintmier, on 04/12/2009, -4/+5
BNONews says the author of the worm is 17, so I'm pretty sure he'll unfortunately just get a slap on the wrist if any legal action comes about.
- SquareWheel, on 04/14/2009, -0/+1
@chazuk: Please don't post that again.
- rsHoratio, on 04/12/2009, -2/+3
"put your head between your legs and kiss your own ass"
- donosaurr, on 04/13/2009, -0/+1
"It is easy to become unsettled by privacy-eroding aspects of awareness tools. But there is another — quite different — result of all this incessant updating: a culture of people who know much more about themselves. Many of the avid Twitterers, Flickrers and Facebook users I interviewed described an unexpected side-effect of constant self-disclosure. The act of stopping several times a day to observe what you’re feeling or thinking can become, after weeks and weeks, a sort of philosophical act. It’s like the Greek dictum to “know thyself,” or the therapeutic concept of mindfulness. (Indeed, the question that floats eternally at the top of Twitter’s Web site — “What are you doing?” — can come to seem existentially freighted. What are you doing?) Having an audience can make the self-reflection even more acute, since, as my interviewees noted, they’re trying to describe their activities in a way that is not only accurate but also interesting to others: the status update as a literary form.”
I was very much a skeptic of twitter and just decided to jump in to test the waters. After a few months of regular, moderate use, I have discovered that it certainly can have a function and prove to be quite productive. It all depends on how you decide to use the medium.
- LightSpeed4, on 04/12/2009, -3/+4
twitter got a virus? yes!!!!!!!!!!!!
- xino, on 04/13/2009, -0/+1
http://www.grc.com/securitynow.htm Listen to episode 86 of Security Now and that will go more in depth on what cross site scripting is.
- ThantiK, on 04/12/2009, -4/+4
Why can't this happen to myspace and facebook users more often?.../sigh
- Hefelumpman, on 04/12/2009, -7/+6
You must be a Mac fanboy who doesn't know what cross-site scripting is.
How *wonderful* for you!
/s
- kenn4000, on 04/12/2009, -7/+6
what if i dont have a twitter account.. am i still at risk?
- sodoh, on 04/12/2009, -3/+1
but but, if you don't have a twitter account how would any one know?
- alpha88, on 04/12/2009, -3/+1
Social engineering != hacking.
- TheSpook, on 04/12/2009, -4/+1
It's harmless if you don't give it your credentials.
- muzzy, on 04/12/2009, -5/+2
As does not falling for phishing schemes...
- HairyPoter, on 04/13/2009, -5/+1
1. uninstall windows
2. install linux or change to a mac.