From F-Secure's Website:  Twitter worm outbreak over Easter due to Stalk Daily Publicity Stunt?
A cross-site scripting worm was spreading in Twitter profiles for several hours last night.

People started reporting that their profile had sent Twitter messages without their knowledge. Messages looked like this:


stalkdaily
stalkdaily

Later on the messages morphed several times:

stalkdaily

Many people followed the links to stalkdaily.com, as they believe the messages to be genuine Tweets from their friends. A cross-site script on the site then caused new users to start to Tweet the same messages.

stalkdaily
More info on the technical internals of the attack are available at
dcortesi.com.

As expected, the whole worm was a publicity stunt by stalkdaily.com.

You can see the latest official status of Twitter from their status page at status.twitter.com

stalkdaily

We detect the script file as Worm:JS/Twettir.A.

Updated to add: This is not over. There's going to be quite a few modified Twitter worms for a day or two. Be careful in Twitter, don't view profiles, don't follow links. It's beautiful outside, maybe go for a walk instead?

Here's one current variant:


mikeyy

All these attacks are Javascript-based. Turn Javascript off if you're worried. More info
here.
  Editor's Note: If you turn off JavaScript, you won't get a popup floating PIN Pad!



Reblog this post [with Zemanta]

Posted by John B. Frank Monday, April 13, 2009

0 comments

Payments Industry News Blog

Search the PIN Debit Blog by Subject

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers