Twitter Users Hope Cure for Mikeyy Worm Lasts

Over Easter weekend, many Twitter fans were getting worms instead of finding Easter Eggs, as the developer of a rival microblogging site (StalkDaily), one 17-year-old Michael "Mikeyy" Mooney, was busy drawing Twitter users to his site by using the so-called "Mikeyy" or "StalkDaily" worm to infect links and Twitter profiles. According to PCWorld and the Twitter status page, the infection has now been brought under control. But inquiring minds want to know, "what happened?" and "how can we stop a future attack?"

Doing a Google search for "Mikeyy" or "TwitterWorm" isn't the best way to find out, though, as the F-Secure security blog points out that fake news sites are being used to infect curious searchers with (unrelated) malware. So what really happened?

Mikeyy/StalkDaily used XSS (Cross-Site Scripting) and CSRF (Cross Site Request Forgery) attacks (we've discussed XSS a number of times here at MaximumPC.com). Website developer and Twitter expert Lynne Pope offers an excellent analysis of how the Mikeyy/StalkDaily attacks worked, and how you can protect yourself from similar exploits in the future:

The very first thing you must do to protect yourself is this - do not browse to any sites while logged on to another site. Leaving authentication cookies exposed is dangerous. Log off, then navigate away.

Ms. Pope also recommends:

• Firefox fans should use NoScript to prevent scripts from running without explicit permission.
• Use the Hosts file to block domains pointed to by malware.
• Use tools available at LongURL.org to determine where short URLs are actually pointing to (Mikeyy/StalkDaily used bit.ly and tinyurl.com to conceal the actual websites used for spreading the worm).

Were you affected by the Mikeyy/StalkDaily worm? Hit Comment and tell us your war stories.

Twitter logo courtesy of a MESS of commentary.