Sunday, April 12, 2009

Analysis: Twitter StalkDaily Worm

Twitter is in the news again (surprise, anyone?).

Another XSS worm hit Twitter, creating publicity (good, eh!) for another portal - StalkDaily. The worm exploited an improperly escaped profile URL field to re-display the malicious script, in this case - script src="hxxp://mikeyylolz.uuuq.com/x.js" - which infected anyone who visited an infected profile.
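
The class of flaw described above, shown as an added example that is not part of the original post and is not Twitter's code: a profile URL concatenated into markup as-is, beside a version that checks the scheme and encodes for the HTML context. The function names and the sample value are constructed for illustration; the exact string the worm stored in the field is not given on this page.

```javascript
// Added example (hypothetical names, not Twitter's code):
// rendering a user-supplied profile URL into an HTML page.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Encode the characters that can end an attribute value or open a tag.
function escapeHtmlAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": the stored field is concatenated into the page unchanged, so a
// value containing a quote can leave the href attribute and add markup.
function renderProfileLinkUnsafe(profileUrl) {
  return '<a href="' + profileUrl + '">' + profileUrl + "</a>";
}

// "After": accept only absolute http(s) URLs, then encode for the HTML context.
function renderProfileLinkSafe(profileUrl) {
  let parsed;
  try {
    parsed = new URL(String(profileUrl).trim());
  } catch (err) {
    return ""; // not an absolute URL: render nothing
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return ""; // rejects javascript:, data: and similar schemes
  }
  // parsed.href is already percent-encoded by the URL parser; the HTML
  // encoding below covers what remains (for example "&" in a query string).
  const safe = escapeHtmlAttr(parsed.href);
  return '<a href="' + safe + '" rel="nofollow">' + safe + "</a>";
}

// Constructed sample value (defanged placeholder host, not the worm's string).
const SAMPLE_INJECTED =
  'http://example.test/"></a><script src="hxxp://placeholder.invalid/x.js"></script><a href="';

console.log(renderProfileLinkUnsafe(SAMPLE_INJECTED)); // script tag survives
console.log(renderProfileLinkSafe(SAMPLE_INJECTED));   // a single inert link
```
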

Read more on this at: F-Secure

Strangely, that's just a small, noisy show of what XSS can do. It could have become more interesting, though, by using XSS to quietly infect end-user systems & build up a botnet force. The possibilities are limitless.

Twitter seems to have rectified this issue as of now.

Until the next worm!

Safe Twitterin'  :)

Disclaimer

The views, information & opinions expressed in this blog are my own and do not reflect the views of my current or former employers or employees or colleagues.