Archive for the ‘Social Networking’ Category

Copycat Twitter Worm?

April 15th, 2009 wifijedi

As most of you know, Twitter was hit with a series of worms this past weekend.  They were created by 17 year old, Mikey Mooney, creator of the website StalkDaily.com (don’t visit the site).  The original worm seemed fairly innocuous, with messages that were created to drive traffic to the StalkDaily website.

I wrote a Computerworld blog post, where I detailed the original attack as well as provided a list of security recommendations.  In that post, I commented that Twitter users should be on the lookout for modified worms, especially as additional details of the original attack come to light.

After Twitter patched the original cross-site scripting (XSS) flaw, which exploited the “link” field in a user profile, another variant of the worm appeared.  This time, the worm exploited the “color” setting of the user profile.  Modifying the worm highlighted that the XSS vulnerability was not limited to a single field and that Twitter would have to institute a comprehensive patch, not a band-aid solution.
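As an added example (not code from the original post or from Twitter), here is the kind of comprehensive fix the paragraph above argues for: every profile field, including the “link” and “color” fields the worm used, is validated and encoded for the context it is rendered into, rather than patching one field at a time. The field names, the allow-list rules and the sample profile are assumptions chosen for illustration.

```python
# Added example: context-specific validation and encoding of user-profile
# fields. Field names and allow-list rules are assumptions, not Twitter's code.
import html
import re
from typing import Optional
from urllib.parse import urlsplit

# The colour lands inside a CSS declaration, so only a strict hex value is
# accepted; anything else (including style-breaking text) uses the default.
_HEX_COLOUR = re.compile(r"^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$")
DEFAULT_COLOUR = "#000000"


def safe_colour(value: str) -> str:
    """Return the value if it is a hex colour, otherwise the default."""
    value = value.strip()
    return value if _HEX_COLOUR.match(value) else DEFAULT_COLOUR


def safe_link(value: str) -> Optional[str]:
    """Accept only absolute http(s) URLs with a host; reject everything else."""
    value = value.strip()
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return value


def attr(value: str) -> str:
    """Encode a string for an HTML attribute value (escapes <, >, &, ' and ")."""
    return html.escape(value, quote=True)


def render_profile(profile: dict) -> str:
    """Render every field through the encoder for its context.

    No field is trusted, which is the comprehensive fix rather than a
    per-field band-aid: the link is allow-listed by scheme and then
    attribute-encoded, the colour is allow-listed, and free text is
    HTML-encoded.
    """
    link = safe_link(profile.get("link", ""))
    link_html = f'<a href="{attr(link)}">{attr(link)}</a>' if link else ""
    style = f"color: {safe_colour(profile.get('color', ''))};"
    return (
        f'<div class="profile" style="{attr(style)}">'
        f'<span class="name">{html.escape(profile.get("name", ""))}</span>'
        f"{link_html}</div>"
    )
```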

The variant of the worm automatically generated tweets with the term “mikeyy”. These were sarcastic in nature and seemed to be tongue-in-cheek.  Examples include:

  • Mikeyy I am done…
  • Mikeyy is done…
  • Twitter please fix this, regards Mikeyy

The general consensus today is that the “StalkDaily” and “Mikeyy” worms have been adequately addressed.   However, I am not fully convinced. Four days after the original worm, I am still seeing suspicious behavior.  A colleague of mine has a Twitter account that automatically started generating tweets saying “I am not here right now.”

Using a third-party iPhone application, TweetStack, I am conducting periodic searches on the string “I am not here right now.”  I found that this is not nearly as widespread as the “StalkDaily” Twitter worm, but it has affected at least a couple dozen accounts.

While this could be yet another variant of the worm created by Mikey Mooney, my suspicion is that this is a copycat worm created by another party (most likely a script kiddie).

Are YOU still seeing anomalous behavior on Twitter?  I would love to hear about it!  Please comment below as well as notify the Internet Storm Center if you see anything noteworthy.

- WiFiJedi

Douglas J. Haider is a Principal Technologist with Xirrus.  He hosts a personal blog at WiFiJedi.com, and micro-blogs on Twitter @wifijedi (which was not infected by the Twitter worm at the time of this writing…)

Another law, another waste of time, another misunderstanding of the criminal mind

January 30th, 2008 Michael Farnum

Here’s another law (trying to get passed in New York) to try to stop sex offenders from getting on social networking sites, and in particular those sites where they might contact minors.  I haven’t seen the bill yet, but from what I am reading, it is essentially useless.  Just like all of these laws, it is really just political posturing.

Here are some of the details I have:

  • The bill is called E-STOP, which stands for Electronic Security and Targeting of Online Predators Act (very witty).
  • According to InformationWeek, the bill “requires paroled sex offenders to submit their e-mail addresses and online identities to a central registry that will be used to deny them access to social networking sites. The bill also would forbid sex offenders, on parole or probation, from communicating online with anyone under the age of 18 if the offender is classified level 3 (high-risk of re-offending) or if the offender’s crime involved the Internet or a minor.”
  • According to cnet: “It would be a violation of parole for a convicted sex offender to change e-mail addresses without notifying authorities within five days.”

So from those last two points, we see that sex offenders must register their email, online IDs, etc., and then the sites will deny access based on that database.  Also, it is a violation of parole if they CHANGE their email and don’t notify authorities within five days.

First, notice the all caps above.  I sincerely hope there is a provision for adding emails and not just changing emails.  Second, it really doesn’t matter anyway because a criminal is a criminal.  If they are not reformed, then they are going to continue to do what they do.  Drug dealers BREAK laws.  Car thieves BREAK laws. And sex offenders BREAK laws.

I applaud the fact that this law is trying to be proactive and will probably stop a few people.  But for the most part, this is useless.  Sex offenders are going to get around this easily.  It is just too simple to fake your ID on the web.  But politicians have to justify their paycheck, so this won’t stop anytime soon.

Vet