StalkDaily worm crawls through Twitter


nsane.forums

A cross-site scripting vulnerability in Twitter allowed the stalkdaily.com worm to spread through users' biography fields in their profiles.

Over Saturday, a worm which uses a cross-site scripting flaw in Twitter profiles has been tricking users of the social networking service and directing them to stalkdaily.com. Twitter has confirmed the problem and closed the vulnerability.

The worm consisted of JavaScript code hidden in the "Bio" section of the Twitter profile. A user would be sent to view another user's profile which contained the script. The script would wait three seconds and grab the user name and Twitter cookie for the user. It then used the Twitter API, with the user's credentials, to modify that user's profile, adding the worm and sending tweets about stalkdaily.com.

Twitter users should check their profile's biography field to see if it has changed and if so, reset it. Twitter has reset the password on a number of affected accounts and those users will need to request a new password to regain access.

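The post above describes script stored in the "Bio" field running for every visitor of the profile. The following is an added example, not code from the article or from Twitter, showing the output-encoding fix for that class of flaw plus a clean-up check for already-stored bios. It assumes the bio was written into the profile page without HTML encoding; all function names and the sample profiles are constructed.

```javascript
// Added example: output-encoding a profile "Bio" field before it reaches HTML.
// Function names and sample data are constructed for illustration.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak form: the stored bio is concatenated into the page as-is, so any
// markup in it is parsed by the browser of every user viewing the profile.
function renderBioUnsafe(bio) {
  return '<span class="bio">' + bio + "</span>";
}

// Hardened form: the bio is always emitted as text, never as markup.
function renderBioSafe(bio) {
  return '<span class="bio">' + escapeHtml(bio) + "</span>";
}

// Clean-up aid: list users whose stored bio contains markup-like content so
// it can be reviewed and reset. This is a review heuristic, not a filter;
// encoding on output (renderBioSafe) is the actual fix.
function findSuspectBios(profiles) {
  const markup = /<\s*\/?\s*[a-z!]|javascript:|\bon\w+\s*=/i;
  return profiles.filter((p) => markup.test(p.bio)).map((p) => p.user);
}

// Constructed sample data; the script reference is an inert placeholder.
const sampleProfiles = [
  { user: "alice", bio: "Coffee & security <3" },
  { user: "bob", bio: '"><script src="//example.invalid/placeholder.js"></script>' },
  { user: "carol", bio: "Photographer, runner" },
];

for (const p of sampleProfiles) {
  console.log(p.user, "->", renderBioSafe(p.bio));
}
console.log("needs review:", findSuspectBios(sampleProfiles));
```

Marking the session cookie `HttpOnly` is a separate control that keeps page script from reading it, but it does not stop injected script from acting as the logged-in user, so output encoding is still required.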