Posts Tagged ‘Mikeyy’
The Mikeyy virus hit Twitter again today, right on the back of the real-life Michael Mooney, the creator of the original virus, being hired for a security job in what many are assuming is a publicity stunt.
So, is this a copycat? Quite possibly. The exploit is certainly different; infected Twitterers send out provocative tweets to @aplusk, @Oprah, @TheEllenShow, @SouljaBoyTellem, @NYTimes and @StephenColbert, likely assuming that guarantees the best chance of spreading if these high-profile accounts get infected, too.
It also tweets a ‘Mikey got hacked!’ message, which includes a bit.ly link. Obviously, do not click on this. (UPDATE: The link redirected to an infected account, and this has now been suspended by Twitter.)
It’s spreading incredibly fast (Twitter search) – much faster than the previous hacks. My search window is updating with 100s of new results every few seconds.
Meantime, avoid visiting profiles on Twitter.com. Do not click on any dodgy links. And don’t re-tweet infected users’ messages. Monitor your own profile for signs of infection (if you’re sending out the tweets above, then you’re infected. Apply the cure).
2035 GMT: Twitter is aware of the situation.
2105 GMT: Some of the worm messages now say ‘This exploit only affects Internet Explorer users’. Assume the contrary.
2113 GMT: Hearing that Mac users can’t get infected. Don’t have a Mac so cannot test, but still, assume otherwise until proven. Still spreading faster than anything I’ve seen – 5,000 tweets every 15 minutes or so.
2132 GMT: Mikeyy is now tweeting advice to Twitter about their code within infected user accounts, i.e., “Twitter, do you know about the before_save model callback?” and “Twitter, BeforeSave: ForEach: DataArray: EscapeHtmlChars!!!”. What a helpful fellow.
2141 GMT: Another new tweet from infected Mikeyy users, at least within this variant: “Call me everyone! 718-312-8131”, which is the same number as last time. I believe this is (or was) Michael Mooney’s actual number, which leads me to conclude this is either a copycat or a publicity stunt tied in with his new employment (which would be very foolish indeed).
2320 GMT: Twitter have written that they should soon have things under control, and Mikeyy does appear to have slowed considerably, and may now be gone. If you think you’re infected, use the cure links above. Until next time…
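The 2132 GMT tweets name the missing control: HTML-encode profile fields in a before_save callback, which is also why the cure looks in the URL and location fields. The following is an added sketch in plain Ruby, not Twitter's code and not part of the original post; the `Profile` class, the fields other than URL and location, and `profile_html` are hypothetical, and it goes one step beyond the tweets by also rejecting non-http(s) URLs.

```ruby
require "cgi"
require "uri"

# Hypothetical profile record. "url" and "location" are the fields the post
# names; the class, the other fields and the render helper are assumptions.
class Profile
  TEXT_FIELDS = %i[name location bio].freeze
  attr_accessor :url, *TEXT_FIELDS

  def initialize(attrs = {})
    attrs.each { |field, value| public_send("#{field}=", value) }
  end

  # Stands in for a before_save model callback: every write path goes through
  # it, so no form or API endpoint can store raw markup.
  def before_save
    self.url = safe_url(url)
    TEXT_FIELDS.each do |field|
      raw = public_send(field).to_s
      # Unescape first so saving the same record twice does not double-encode.
      public_send("#{field}=", CGI.escapeHTML(CGI.unescapeHTML(raw)))
    end
    self
  end

  private

  # Keep only absolute http(s) URLs that contain no quote, angle-bracket or
  # whitespace characters; anything else is stored as an empty string.
  def safe_url(raw)
    candidate = raw.to_s.strip
    return "" if candidate.match?(/["'<>\s]/)
    uri = URI.parse(candidate)
    uri.is_a?(URI::HTTP) && !uri.host.to_s.empty? ? candidate : ""
  rescue URI::InvalidURIError
    ""
  end
end

# Renders stored values verbatim; safe only because before_save encoded them.
def profile_html(profile)
  %(<a href="#{profile.url}" rel="nofollow">#{profile.name}</a> #{profile.location})
end

# Constructed sample input, not the worm's actual payload.
SAMPLE = Profile.new(
  name: "example_user",
  location: %("><script src="//example.invalid/w.js"></script>),
  url: "javascript:void(0)"
).before_save
```

Encoding on save and encoding again at render time would double-encode, so an application should pick one layer and apply it on every path.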
Over the Easter Weekend, Twitter got hit hard, and repeatedly, by self-replicating computer programs known as worms. These hacks, which were allegedly the work of 17-year-old ‘Mikeyy Mooney’, began on Saturday, initially promoting the website StalkDaily.com, of which Mr Mooney is the creator.
Twitter users became infected by the StalkDaily worm by visiting the infected profile page of another user. After infection, these users began to auto-tweet recommendations to visit StalkDaily.com on a fairly frequent basis. It rapidly spread – Twitter themselves estimated some 100 accounts were initially compromised, and 10,000 worm-powered tweets were delivered. (My guess is it was actually a lot more.)
This article is made up of two parts. In the first, I will provide some detail on the events of the Easter weekend as they transpired from my perspective, and share information on how I reacted to the worms as they broke and delivered a lot of traffic to this blog.
I first noticed the StalkDaily worm when a couple of users I followed began to tweet about the site repeatedly. I thought it strange practice; very out of character. Another user then replied to me directly to ask if I knew why her account was delivering these auto-tweets, and so I investigated the matter further.
Pretty soon, two things happened. One, I realised it was an exploit of some kind, and two, by visiting a few profiles to see what was going on, I was now infected myself. I looked at my own profile, and sure enough I’d sent out four StalkDaily.com auto-tweet recommendations without my knowledge or consent.
A new strain of Mikeyy is running rampant on Twitter today and the stream is focusing on little else. Twitter is working on the issue, and while I’m confident they’ll continue to close these loopholes, I’d expect mutations of these worms to continue to be an issue for the next day or two.
Meantime, a lot of people have asked me: how can I tell if I’m infected? There are several ways. And if you are, don’t panic – it’s a pretty simple cure.
Check Your Profile For Tweets You Did Not Send
Visit your profile page on Twitter (mine is http://twitter.com/sheamus). Scan through your tweet timeline for any tweets you did not send. These will say things like ‘Call Mikeyy’ or ‘Twitter, hire Mikeyy!’.
Mikeyy is a similar Twitter exploit to yesterday’s StalkDaily. It can be removed pretty easily if you are infected.
(To see if you are infected, check your profile timeline for Mikeyy-approving tweets you didn’t submit yourself. They should be pretty easy to spot.)
How To Remove Mikeyy
- Close down any external Twitter clients (i.e., TweetDeck or Tweetie).
- In your Twitter settings page, delete anything suspicious that you did not add yourself. Check everywhere carefully, but it’s usually in the URL or location fields.
- Consider resetting your password on Twitter. There is no evidence that these hacks are malicious enough to break into your Twitter account, but why take the risk? You may also like to clear your cookies and cache (which can be found in your browser’s settings).
- Once done, log back out of your account and then back in. If Twitter has locked your account, or does so in the future, you will have to ask for a password reset.
Mikeyy is not being hidden in shortened URLs, but you may wish to avoid clicking on these from sources you do not absolutely trust in case the URL takes you to an infected profile or other variant of the exploit. Likewise, avoid visiting user profiles on Twitter or within TweetDeck until Twitter has said with absolute certainty that the threat has passed. Monitor Twitter’s status page for updates.
UPDATE: There have been some reports that infected profiles are visible by rolling your mouse over their username on Twitter.com. If infected, code is sometimes visible after their username in the URL bar. This can help you to avoid infected profiles.
These tips will likely work for any similar exploits on Twitter. You should also take all necessary precautions to protect yourself in the future.
(Lynne Pope has more detail and additional steps you can take at her blog.)
APRIL 12 UPDATE: Twitter has commented on the steps they took and are taking to handle these exploits on their official blog. As of 2130 GMT, and judging by instances on Twitter search, Mikeyy seems to have been defused. Panic and hyperbole remain – help out Twitter by forwarding concerned users to this blog. Thank you.
APRIL 13 UPDATE: (1000 GMT) Mikeyy seems to have returned en masse (Twitter search), likely with a new strain. Twitter is once again addressing the situation. Meantime, you can take the steps above to remove Mikeyy if you are infected. Please share this post with all your friends on Twitter. Thank you.
APRIL 17 UPDATE: A new strain of Mikeyy returned to Twitter. The cure remains the same.
UPDATE: This article was written prior to the return of the Mikeyy virus, but the advice remains relevant and is good practice.
Thus far, nobody really knows what happened yesterday on Twitter with the StalkDaily exploit. There’s been some speculation and the good news was that Twitter moved quickly to eliminate the problem. A 17-year-old by the name of Mikeyy Mooney has claimed credit for the script, and looks responsible for the latest one that is doing the rounds (or is being scapegoated/glorified).
Twitter claims that nothing was jeopardised and I’m inclined to believe them. Still, when I recommended folk reset their passwords yesterday I was quite surprised at how many responses I got claiming that this course of action was either unnecessary or mad.
Here’s what I think: even if there was no risk to your password, why take the risk? If StalkDaily or whoever was responsible managed to find a way to add a script to my profile through a loophole on Twitter, what’s to stop them, or that script, doing something else?
Surely a policy of ‘better safe than sorry’ applies in all cases like this? You can always change your password back if you later discover there was no threat to your security. Hindsight is twenty-twenty.