Yesterday, Twitter was hit by another worm, currently being referred to as the "StalkDaily" worm. Unlike the last worm we saw, this one didn't require a user to click anything. Merely hitting an infected profile page was enough to infect you as well. It appears "all" the worm did is to commandeer your Twitter account and use it spam Tweets promoting StalkDaily.com, with no lingering maliciousness. If you were infected, your Twitter account sent out Tweets saying something like Join StalkDaily.com everyone or Woooo, StalkDaily.com :), but infection apparently came not from that site, but by visiting an infected profile page. Using a 3rd party client protected you from the whole mess.
For a technical explanation of what was going on, I refer you to Damon Cortesi's Twitter StalkDaily Worm Postmortem. An easy way to check to see if you've been infected is to search twitter for "{your username} stalkdaily.com" and see if you get any hits. If you do, and you don't recognize the Tweets that come up, you're probably infected. Twittercism (who also provided the info on how to detect infection) has details on removing the worm.
According to TechCrunch, the StalkDaily at first claimed no responsibility for the worm:
For everyone wondering, I did NOT promote and/or was involved with the spamming ON Twitter. All bad things you are hearing about this site is not true. Please reconsider as I am not the person who did this…StalkDaily is a website that follows the same functions as Twitter, except more advanced How? Well, instead of just adding an “update status”, people can add pictures and videos. Then you can stalk them, so when they upload a video or picture, or comment someone, you’ll know!
However this morning StalkDaily (which I advise you to not visit) says: "I have came [sic] clean and have accepted the responsibility for the worm, read the interview here, http://www.bnonews.com/news/242.html."
Deciding which statement is the truth and which is the lie, I leave as an exercise for the reader. However, BNO News is not a site I've ever come across before today, and in fact it has a "Coming soon" message and a request for donations on its front page. A curious outlet to choose in order to 'come clean' at. Could this all have been an elaborate ruse to drive traffic and secure donations for BNO News?
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
The worm has NOT been defeated!
Twitter's post saying that the worm has been dealt with is at least eight hours old. SINCE THEN the worm has launched new attacks. Please don't spread info that the worm has been defeated yet!See here for how to get the little brat who did this kicked off the Internet.
And you should really check out BNO's Twitter account, they have been breaking news for several months now:
http://twitter.com/BreakingNewsOn
except, don't visit ANY Twitter profiles until we hear the CURRENT edition of the worm has been defeated.
Recommend it to anyone.
Search-and-destroy Antispyware is the best scan that I have used to keep my PC clean and working like new. It’s a great scanner that finds all the same bugs that other scans such as Norton can find. What’s even better is that it cost less than many of the other options. I found the antispyware solution from Search-and-destroy at http://www.Search-and-destroy.com and decided to give it a try. That was one of the best decisions I ever made. I’m very happy with this scanner and would recommend it to anyone that wants to protect and care for their PC so it will last as long as possible.