XSS in Twitter
Brooklyn, NEW YORK (BNO NEWS) – Mikeyy Mooney, the 17-year-old creator of StalkDaily.com from Brooklyn, has admitted responsibility for the Twitter worm that rapidly spread through Twitter on Saturday, stating in an email to BNO News, “I am aware of the attack and yes I am behind this attack.”
Twitter users were infected simply by visiting an infected user's Twitter page. Once infected, users began tweeting about stalkdaily.com with messages such as “Dude, www.StalkDaily.com is awesome. What's the fuss?”
Mikeyy described how he carried out the attack: “I am the person who coded the XSS which then acted as a worm when it auto updated a user's profile and status, which then infected other users who viewed their profile. I did this out of boredom, to be honest. I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website.”
Infected users' passwords were not compromised by the worm “since their session was encrypted”, according to Mikeyy.
The code behind the attack was linked to by TechCrunch commenter James Cox: http://gist.github.com/93782. Looking through the code, it doesn’t appear to capture user passwords.
Mikeyy explained to BNO News that he created Stalk Daily from “boredom” and because he “needed a way to make money.” He wrote, “I decided if I had a site that followed the same functionality and simplicity as one of the most known sites on the web at the time then it would receive a lot of hits. While playing around and getting the site developed I started adding more features and tried to part myself from Twitter, while still giving its still compact nature and simple use.”
StalkDaily.com is similar in design and features to Twitter. In addition to Twitter's features, it allows users to upload videos and photos. By looking at the code behind Twitter, Mikeyy was able to produce a similar site with some additional features. “I used my past knowledge to gain an insight on how Twitter worked and outputted to a user. Although both of the sites are coded in different languages I was able to give my site the same features as Twitter, while coding some of my own.”
In the past, Mikeyy has worked on a couple of other websites. “I have run iLoveAdds.com, a website that was mainly used as a way to get Myspace friends.. slang for 'Myspace whoring'; or 'Myspace Trains' and a website called HaxYou.com that was based on web security.”
Worm: http://worms.xssing.com/sources/twitter.txt
Original article: http://www.bnonews.com/news/242.html