The Conficker Worm may be capable of doing the most damage to the most systems, but the StalkDaily worm that has run through Twitter in the last 36 hours is generating more buzz.
The StalkDaily Worm (more about the name later) acts like a typical worm. It spreads itself by first infecting one or more internet pages, then working hard to spread links to that page. As new Twitter accounts are infected, they in turn send links to that page to other Twitter users, who can then be infected when they visit the StalkDaily page. In addition, it appears that a user can become infected just by visiting the profile page of a user that has already been infected, according to a CNET article.
It is important that you not visit the site for which the worm is named, or you will also be infected. Although there is some controversy surrounding the role of the StalkDaily site as the origin of the worm, there is no doubt that the StalkDaily site was infected or that the worm was spread from that site. The site owner has said that he was not responsible for the worm, and that it did not originate with him. He did admit that his site was infected with the worm and that people visiting his site might also become infected. He then went on to add a site sales pitch to his denial, which seems a little self-serving under the circumstances. Not everyone is convinced of his innocence.
Twitter confirmed that it was aware of the worm on Saturday afternoon, via its “Spam” corporate account. Their Tweet said, “If you have been locked out of your acct due to the StalkDaily issue, pls do a p/w reset; we may have reset your p/w for safety.” As late as this morning the worm was still causing issues, prompting Twitter to report, “We’re aware of the variation this morning and it should be under control shortly. Thanks for all your messages!” Apparently, this means that the original author or another hacker has already built a variant of the worm.
The worm is said to take advantage of a cross-site scripting vulnerability, which allows the infected page to manipulate a user’s account without their consent, leading to an infected profile page, while perhaps also adding links to the user’s About Me page. One wonders if Twitter was aware of this vulnerability before it was exploited, and did not fix it, or if their own security analysis is lacking. Either way, once again, a major service has been brought to its knees due to a lack of adequate security. This may even be as annoying as the fail-whale.