Twitter has been attacked by XSS worms

On Saturday and Sunday, the social network Twitter was attacked by at least three worms. The microblogging service management promised the users to correct code errors. The 17-year-old Michael Mooney, also known as Mikeyy, took responsibility for the attacks.

According to Mikko Hypponen (Mikko Hypponen) from F-Secure, on Saturday, some service users began to complain that records are being created on their behalf advertising the site StalkDaily.com. Their friends, who followed the link, got to the current JavaScript that used the XSS vulnerability to infect their Twitter profiles.

After this, StalkDaily.com advertising messages began to be automatically sent from the newly infected profiles. Moreover, Twitter users could get infected by simply viewing a page with an infected profile. Over the weekend, three different varieties of this worm were identified using different XSS vulnerabilities: as soon as Twitter employees fought off one, as the next one soon appeared. Hipponen advises Twitter users not to go to other profiles, not to follow links, or better yet, simply turn off JavaScript in the browser.
')
The owner of StalkDaily.com was a certain Michael Mooney, a teenager living in Louisiana. In an interview with the publication of Net News Daily, he admitted that he wrote worms of boredom. “It was the middle of the night, and I had nothing to do. About a week ago, I noticed a XSS vulnerability and decided to use it. ”

Meanwhile, on Monday, Twitter users had their next attack. According to Hipponen, the user started the cleaningUpMikey attack.

The Twitter manual promises to take the most drastic measures in connection with the attacks. Muni realizes that he can pay his freedom for his actions, but "he does not worry."

Muni also says that he did not steal private user data. The Twitter administration also claims that passwords, phone numbers or other critical information were not affected by the attacks.
UPD Source