Twitter Worm Attack Continues

Microblogging phenom Twitter found itself under attack by several variants of a well-known security vulnerability over the weekend which flooded the site with nearly 10,000 spam messages.

Early Saturday morning, Twitter was hit with a cross-site scripting worm (define), a self-replicating chain of code that spread links to the Web site

In a blog post Sunday, Twitter cofounder Biz Stone said that the worm had infiltrated around 200 accounts on the site, but assured members that no sensitive information, such as phone numbers or passwords, had been compromised.

As of this morning, Twitter said that it continued to battle a fourth variant of the worm that had reemerged on the site, again noting that users’ personal information was not at risk.

Stone said the worm spreading through Twitter was similar to the Samy exploit that hit MySpace in October 2005. In that attack, MySpace user Samy Kamkar unleashed a virus that spread to more than 1 million members of the popular social networking site within 24 hours.

“At that time, MySpace filed a lawsuit against the virus creator which resulted in a felony charge and sentencing,” Stone wrote. Kamkar received three years of probation and 90 days of community service, and was required to pay damages of an undisclosed amount.

In an e-mail to, Stone declined to comment beyond his blog post, where he said he would post updates as the situation developed.

“Twitter takes security very seriously and we will be following up on all fronts,” he said in the blog.

Mikeyy Mooney, a 17-year-old from Brooklyn, claimed credit as the author of the Twitter worm in an e-mail to As of this writing, displayed a brief message saying that the site is under redevelopment with “Mikeyy” as the signatory.

Mooney described as “based on a social networking Web site where you can upload pictures, upload video, update a status, record a video from your Webcam from the Web site, and take a picture from your Webcam.”

Asked if he had any concerns about the legal repercussions of coding the worm, Mooney said, “Yes, I do have some, I just hope it’s not too bad.”

Stone described Twitter’s weekend security travails as coming in waves. Early Saturday morning, four new accounts appeared that began spreading the worm. About five and a half hours later, Twitter’s security team began working on containing the worm. Stone said that roughly 90 accounts had been compromised.

Later that afternoon, a new variant of the worm, which Stone described as “much more intense” than the first, began spreading, infiltrating about 100 accounts.

The third wave came Sunday morning, which Twitter said it successfully halted. By its late-morning tally, Twitter said it had deleted nearly 10,000 tweets that could have helped propagate the worm.

Twitter has not come forward with any figures of how extensively the fourth wave of the worm has spread.

Twitter said it would conduct a full review of the attacks and reassess its coding practices to avoid a repeat of the episode.

Article courtesy of

Kenneth Corbin
Kenneth Corbin
Kenneth Corbin is an experienced technology writer, editor, and eSecurity Planet contributor.

Top Products

Related articles