A bad week for Twitter just got even worse. The service has apparently been infected by a worm originating from the owners of the website StalkDaily (Note: Do not visit this website, as it may cause your computer to become infected). At this point details are scant, but it appears that visiting the Twitter profile page of an infected user can cause your profile to become infected as well (some reports say that the worm modifies your ‘About Me’ section to include a link to the worm). Infected users begin to repeatedly spam tweets directing users to the StalkDaily website.
The attack appears to have originated early this morning, when a handful of blog posts popped up detailing the worm. However, it is only now hitting critical mass, with hundreds of related Tweets appearing on Twitter Search in the last few minutes alone. Twitter’s official Spam watching account updated this morning stating that the company was aware of the issue but that it had been mostly resolved, and just issued another update stating that it was aware of the worm’s resurgence this afternoon.
To stay on the safe side, it would probably be wise to stick with a third-party Twitter client and avoid viewing profile pages until the company confirms that the issue is resolved.
Some early comments are indicating this is an XSS attack on Twitter. Others note that the attack may have started after one of Twitter’s many third-party applications took the login credentials entered by Twitter users and hijacked their accounts.
Update 9 PM PST: Twitter has posted the following update to its status page stating that the issue has been fixed:
Update on StalkDaily.com Worm 36 minutes ago
Earlier today we were informed of a malicious site that was spreading links to StalkDaily.com on Twitter without user consent via a cross-site scripting vulnerability. We’ve taken steps to remove the offending updates, and to close the holes that allowed this “worm” to spread.
No passwords, phone numbers, or other sensitive information were compromised as part of this attack.
Update: Apparently StalkDaily has updated their website to say that it has nothing to do with the attacks. Regardless, do not visit the site for the time being.
For everyone wondering, I did NOT promote and/or was involved with the spamming ON Twitter. All bad things you are hearing about this site are not true. Please reconsider as I am not the person who did this…StalkDaily is a website that follows the same functions as Twitter, except more advanced. How? Well, instead of just adding an “update status”, people can add pictures and videos. Then you can stalk them, so when they upload a video or picture, or comment someone, you’ll know!