Twitter Wrestles with Fourth Worm Attack

Another worm attack early Monday on Twitter kept the microblogging Web service chasing down infected accounts and deleting rogue tweets.

“Late Sunday night and into the wee hours of Monday we fought off a fourth attack,” said Biz Stone, co-founder of Twitter, in an update to a blog post he originally published Sunday. “Once again, we secured the compromised accounts and deleted any material that would further propagate the worm.”

The newest attack, which followed a pair of worms Saturday and a third Sunday, originated from a just-registered account labeled “cleaningUpMikey,” said F-Secure Corp.’s chief research officer, Mikko Hypponen. Today’s copycat worm infected account profiles of people who clicked on the sender’s name or image in tweets like, “How TO remove new Mikeyy worm! RT!! http://bit.ly/yCL1S.”

“A message like this is particularly nasty, as there were plenty of re-tweets of this malicious message sent by genuine users,” Hypponen said in a blog post just minutes after Monday’s attack began. “The bit.ly link got redirected back to Twitter, to user reberbrerber’s profile & which would infect Twitter users who viewed it.”

Twitter has since deleted the cleaningUpMikey account and the tweets it and other infected accounts spawned.

Also on Monday, Twitter again emphasized that while the worm attacks have been a nuisance, they haven’t stolen any user account information. “No passwords, phone numbers, or other sensitive information were compromised as part of this renewed attack,” the service’s status page said early this morning.

Twitter has not responded to questions posed Sunday about the attacks, specifically about whether it had, or would, contact law enforcement officials. According to some reports, and his own Web site, teenager Michael “Mikeyy” Mooney took responsibility for the worms that circulated on Twitter over the weekend.

In his updated blog today, Stone hinted that the company would take legal action against the worms’ creators. “The worm introduced to Twitter this weekend was similar to the famous Samy worm, which spread across the popular MySpace social-networking site a while back,” Stone wrote. “At that time, MySpace filed a lawsuit against the virus creator, which resulted in a felony charge and sentencing. Twitter takes security very seriously and we will be following up on all fronts.”

In 2005, Samy Kamkar exploited a bug in MySpace to add as a “friend” anyone who viewed his account profile. He then copied a snippet of JavaScript to that user’s profile to continue the hack. Within 24 hours, he had accumulated over a million friends.

MySpace sued, and in January 2007 Kamkar pleaded guilty to a single felony count. He was sentenced to three years probation and 90 days of community service.