A simple overview of the Twitter StalkDaily virus

Twitter was hit today by the StalkDaily virus. The long version of the story is in my prior post on the subject, and its comment thread. The super-short version is:

1. Twitter had a virus (or worm) whose main symptom is that your Twitter account sends out tweets like:

Hey everyone, join www. StalkDaily. com. It's a site like Twitter but with pictures, videos, and so much more! :)

2. The virus could be contracted by visiting affected Twitter profile pages.

3. The virus could be cured by ensuring that the URL in your profile (aka settings) page is as it should be. (The URL can be hacked to allow the execution of malicious scripts.) Cleaning up other fields in your settings/profile is also advisable. One can also clear cache, clear cookies, and/or change one's password, but those steps all seem to basically be an abundance of caution.

4. Using non-web Twitter clients appeared to avoid risk of infection.

5. Subsequently, Twitter claimed to close the security hole that permitted the virus to spread.

6. The owner of the StalkDaily website has apparently confessed to creating the attack.

A slightly longer form of the story -- which I wrote before learning that Twitter claims to have ended the problem -- is:

  • Evidently due to a recent change connected to OAuth, Twitter executes malicious JavaScript code.
  • That code can be triggered by chicanery in the URL field on somebody's Twitter settings.
  • Going to an affected Twitter profile page can infect you. However, if you close your browser tab within three seconds you're safe.
  • Until the storm has blown over, this is probably not a good time to check out the profile pages of new followers. For example, I and other folks were infected in just that way, specifically by the account GangsterBoyHah.
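The usual defense against script carried in a profile URL field is to validate the value when it is saved and HTML-encode it when it is rendered. The following is an added sketch of that approach, not Twitter's actual fix or code from this post; the function names, the 100-character limit and the sample values are assumptions, and harmless markup stands in for a script payload.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_LEN = 100  # assumed field limit, not Twitter's actual value

# Constructed sample values (harmless markup stands in for a script payload).
BREAKOUT = 'http://example.com/"><b>injected</b>'
SAMPLE_PROFILES = [(1, "https://example.com/me"), (2, BREAKOUT),
                   (3, "javascript:void(0)"), (4, "")]

def validate_profile_url(raw):
    """Return the URL if it is safe to store, else None."""
    value = (raw or "").strip()
    if not value or len(value) > MAX_LEN:
        return None
    # Quotes, angle brackets, whitespace and control characters have no
    # place in a stored URL and are what lets a value escape its attribute.
    if any(c in "\"'<>`" or ord(c) < 0x21 or ord(c) == 0x7F for c in value):
        return None
    try:
        parts = urlsplit(value)
    except ValueError:
        return None
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return None
    return value

def render_unescaped(stored):
    """The 'before': the stored value is concatenated into markup as-is."""
    return '<a href="' + stored + '">' + stored + "</a>"

def render_profile_link(stored):
    """The 'after': validate on read as well as write, then encode for HTML."""
    url = validate_profile_url(stored)
    if url is None:
        return ""
    safe = html.escape(url, quote=True)
    return f'<a href="{safe}" rel="nofollow noopener">{safe}</a>'

def audit_profiles(rows):
    """IDs of accounts whose non-empty stored URL fails validation."""
    return [pid for pid, url in rows if url and validate_profile_url(url) is None]

if __name__ == "__main__":
    print(render_unescaped(BREAKOUT))
    print(repr(render_profile_link(BREAKOUT)))
    print(audit_profiles(SAMPLE_PROFILES))
```

`audit_profiles` is the server-side counterpart of the manual cure described above: it lists the accounts whose stored URL needs resetting.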

Much of this was worked out by Mark Hawker. A more technical summary of what he discovered is in the comments to my previous post about the virus. More details are in the @markhawker Twitter stream.

Other blogs have picked up on that work, including ReadWriteWeb and perhaps Mashable as well (it's not totally clear who the "we" is in that post who noticed exactly the same things the commenters on my post did). Damon Cortesi appears to have worked out a lot of the details as well.

One thing: While I defer to Mark's perceptions over my own, I do have a couple of qualms about that precise version of the story, namely:

  • GangsterBoyHah's Twitter page was seriously malformed. Mine, while I was affected, was not.
  • Also, I never detected any problems in my settings.
  • It's tough to explain this by the fact that I use PowerTwitter (a Twitter-related Firefox plug-in).

Copyright © 2009 IDG Communications, Inc.
