Twitter Hit by Worms Over Weekend

SAN FRANCISCO, Calif. -- Social networking blog-message site Twitter was hit Saturday and Sunday by worm attacks created by a teenager in Brooklyn, New York, who was "bored" and wanted to exploit technical gaps in the system.

By preying on a cross-site scripting flaw on the Twitter site, the worms sent nearly 10,000 spam tweets and compromised at least 190 accounts over the weekend, reports Information Week.

According to CNET, 17-year-old Michael "Mikeyy" Mooney created a "StalkDaily" worm Saturday, then the "Mikeyy" worm Sunday, which posted unwanted messages to users' pages, such as "Mikeyy I am done," "MikeyyMikeyy is done," and "Twitter please fix this, regards Mikeyy."

"I thought about it later and basically did it because I was bored," he told CNET. "And I didn't think Twitter would fix [the flaw] very soon. I [also] didn't think it would spread as far or as fast as it did."

Mooney is a high school senior who would like to work in the future as a security analyst. The Twitter worm was one heck of an audition, then. He said he did not intend the worm to create real damage and said he won't create any others for the site.

"I'm done with Twitter," he said. "I've been getting too much attention lately."

The first worm promoted Mooney's site, which has grown to nearly a thousand members, he said, thanks to the worm. The site is similar to Twitter, as it features short messages and personal updates from members.

During the weekend attacks, Twitter users were advised to stop using its Web version and use third-party applications, and to click on links with caution. The company also suggested changing one's Twitter bio and URL and changing or resetting the color scheme. Other protective steps coming from TechCrunch include disabling browser JavaScript, clearing the cache and cookies and possibly changing one's password, though Twitter had told users that no passwords, phone numbers or other sensitive information were compromised.

Meanwhile, Twitter seems to have de-wormed itself -- for now.

"We've taken steps to remove the offending updates, and to close the holes that allowed this 'worm' to spread," the company said in its blog. "We are still reviewing all the details, cleaning up, and we remain on alert. Every time we battle an attack, we evaluate our Web coding practices to learn how we can do better to prevent them in the future. We will conduct a full review of the weekend activities. Everything from how it happened to how we reacted to preventative measures will be covered."