13th Apr 2009
Mikeyy Continues Twitter Attack for Third Day: Is Your $$ Safe?
The weekend attack on Twitter reawakened on Monday morning.
The attacks are revving up and becoming more insidious. While it appears that the worm is just aimed at Twitter code, as reported by @BreakingNews and predicted by this site and owner @judyrey last night, the newest threat is coming from links, especially shortened URLs. This means the attack is now using Twitter to reach people, not simply involving Twitter code. This stinks of either phishing or infecting PCs with viruses.
This echoes the previous phishing attack on Twitter of January 2009. At the time of that attack, people whose IDs were compromised were quickly warned to change their passwords and information regarding any online banking, credit cards or money accounts, as well as other important accounts, such as web sites they owned. This was especially true if the password was the same as the one used for their Twitter account.
At the time of this writing this is the only blog or article that is issuing the warning about the other accounts. I dislike pointing out how right on I have been so far as to predicting the course this worm is taking. My ego does not need this. But, I am including my past comments and predictions to show that so far I’ve been hitting homers as I call the next event. Maybe that will convince you to take the protective measures that I advise.
It’s been quite a weekend on Twitter due to the worm attacks launched. Reportedly these attacks are the handiwork of Mikey Mooney, a 17 year old Brooklyn resident. An attack using the words StalkDaily.com began on Easter eve. After that news was tweeted and ReTweeted and people learned the news, regained access to their accounts and Twitter issued an all clear, things seemed to quiet down.
I Tweeted that I was waiting for the other shoe to drop. You can see that Tweet in my timeline.
The next morning, sure enough, there was a new threat. This time from the Mikey worm. It continued on all day, without Twitter managing to resolve the problem. Again, despite the fact that it was fairly quiet, I left for bed about 2 AM EDT tweeting that this was only a lull before the storm.
Monday morning, EDT, following a Tweet by @spam, Twitter’s cop, that it seemed the situation was under control, all heck broke loose and, as this is written, continues to break loose.
As I went to bed, I tweeted, “It ain’t over”. Sad to say, that remains true.
Ask yourself this, would a simple bored teenage prankster go to this much trouble simply to show Twitter that it is vulnerable? If so, why include links, since that clearly moves the problem off of Twitter?
The attacks are obviously well orchestrated. Like a general the campaign progresses. One attack leads to a carefully planned next attack after a lull. I am very familiar with the Art of War by Sun Tzu. Apparently so is Mikey Mooney or whoever is behind the attack.
The hassle of the worm seems harmless. It is annoying, a time waste, but essentially, that is all. I believe that is what we are being made to think. So we let our guard down after several days of new worm attacks.
I think, and I truly hope that I am wrong, that what happens soon will be one of two things:
The first choice is that people whose accounts are compromised have data stolen from their computers. Most of this data would be financial and personal. It could, and probably will be used to take money out of accounts or use charge cards, etc. This will be done by offshore accounts.
The second and far worse idea is that PCs will be infected with a virus that they will spread to others, possibly in emails. Like the Conficker virus it could lie dormant for a while to seemingly remove it from this annoying, but so far legal attack on Twitter.
Although there is a news report that Mikey Mooney, a 17 year old kid, is taking credit for the attacks and that the Stalk Daily site is registered to him, there may be more to this. Others, who may not reside in the USA, may be involved. I cannot prove it, but by the time anyone can a great deal of damage will have occurred.
Is this speculation? Sure. But, there has to be a better reason behind the second attack than boredom.
WHAT TO DO IF YOU’RE ON TWITTER NOW
• DO NOT click on any Avatars or Twitter IDs, for instance, mine is @judyrey. Instead cut and paste them if you want to message anyone directly. Profile pages are infecting visitors, and by the time you can tell a person’s page is infected, it is too late—so are you!
• DO NOT send or RT any shortened URLs except for the ones in the updates at http://twitter.com/mashable PERIOD! Do not even trust shortened URLs that seem to come from @mashable in RTs. The sender could be a compromised account.
• Use only full domain URLs. Such as http://ungravenimage.com/blog . Although this is not actually a direct link to this post, it works and is safe.
• If you have the browser Firefox, use it instead of I.E. and immediately download the FREE NoScript app at https://addons.mozilla.org/en-US/firefox/addon/722
• Accessing Twitter on the Web: use a 3rd party app like TweetDeck or Seesmic Desktop for now. I am not sure if this will totally prevent infection, but you are less likely to be infected. Again, avoid profiles, which are a source of the infection.
• If you’re not using Firefox with NoScript then disable javascript in your browser. [Note: readers are requested to post info in comments to this post as to how to disable javascript in IE, Firefox, Chrome & all other browsers. TY!]
• If you use the same password on Twitter that you use for any other accounts change your Twitter password immediately!
• Check your own Twitter settings to make sure your account has not been compromised. Look to see that your location and the URL listed are correct. If they are not correct you are infected.
WHAT TO DO IF YOU ARE INFECTED- OR THINK YOU MAY BE
- In your browser settings, clear your cache and cookies. (Smart to do now even if you are not infected. I did it last night, although you have to reenter many passwords to sites manually as a result.)
- Turn off javascript in your browser
- Reset your Twitter password
- Go to your online financial sites and change your passwords and log in names. Do this even if the passwords and names differ from those on Twitter. Best to be fully safe.
- Go to Twitter and fix any changes to your profile such as your website’s URL or your location. Check carefully for any changes.
- Change any other valuable passwords where you could be vulnerable, such as to your website(s) or other social media sites.
- Re-enable javascript and check the Design section of your Twitter profile. If anything has changed, fully delete it. Then replace with your own avatar, colors or background.
- Delete any tweets made on your account by anyone but you, especially look for ones that contain the Mikeyy or Mickeyy name or StalkDaily.
- Log out of Twitter.
- Log in to Twitter using a third party app or Firefox with NoScript installed to access Twitter on the web.
- to make sure there are no changes to your profile colors. If there are, delete these too and replace with whatever colors you want.
Note that no one has yet reported that their financial info has been breached, credit cards used, etc., but this is a holiday weekend. If this happens it will not be immediately noticed. So if your information has been compromised by the Mikeyy or StalkDaily worm, take action now. Then watch your credit cards and other information carefully for a while.
MESSAGES TO WATCH FOR:
Reportedly these messages were launched from compromised accounts. If you see one, avoid going to that Twitter account’s profile page – but at this point you should avoid ALL profile pages. Period. Send a reply using cut and paste only. Do not click on avatars or on @ IDs.
• UPDATED–Any Tweets with word Mikeyy can come from an infected source or ID. This means that even the people sending good info and updates about the worm, virus or attack can be infected—or not. One of the most insidious aspects of a phishing or worm attack on Twitter is that the messages coming from the people we trust may not actually be from them.
• Be extra careful about messages that report the attack is over. If you see such messages DO NOT click on any link. Instead check out the info at http://twitter.com/mashable and http://blog.twitter.com directly for yourself. On Monday AM messages were being sent, some mistaken but genuine, some from Mikeyy that the problem was over.
• URGENT- Do NOT click on any shortened URLs! There is no shortened URL that is so important that you must see it. Think about it. If I’m smart enough to realize that sending a shortened URL that seems to give info about how to avoid the worm or virus, fix it, or breaking news will get people to click and become infected, then so is Mikey. So only click on URLs that show a complete and known domain. http://ungravenimage.com is such a URL. Do not click on any domains or URLs with the words, Mikeyy, Mikey, Mooney, Michaelangelo, Stalk or Daily or “Notify Me”.
• Keep a tab open at http://search.twitter.com and check #Mikeyy for updates. Keep an eye on the right column’s trending topics. Mikeyy has said another attack will launch to change out Twitter backgrounds. It is quite possible that we can expect more problems.
• Keep another tab open at http://search.twitter.com and enter @judyrey to see all my recent updates on the ongoing Mikeyy problem. Since I am not sending shortened URLs, almost everything I tweet right now concerns this problem.
• BEWARE-NEW-There is a question about any Tweets that contain the words “Notify me”. For now stay away from any URLs that lead to anything with the words “Notify me”. This could be phishing or infect your PC, etc. Until more is discovered you can live without this app. If and when it turns out to be safe, I’ll announce it. However, as soon as I pounced on it in the stream warning others off, it disappeared from the stream. If that app was asking for any Twitter IDs or Passwords, it could be a phishing site.
• Follow me: http://twitter.com/judyrey I have helped in the prior attacks [See: Life Lessons Learned from the Phishing Attack on Twitter ] I also helped last night [See: Phishing Attack of Stalk Daily Worm on Twitter ]
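The watch-list rules above (no shortened URLs, no URLs containing the listed words, caution around tweets mentioning Mikeyy or “Notify me”) can be applied mechanically to a stream of tweets. The following is an added example, not code from this blog or from Twitter; the shortener host list and the sample tweets are constructed assumptions, since the post names no specific shortening services.

```python
import re
from urllib.parse import urlparse

# Watch words quoted from the advice above, matched case-insensitively.
WATCH_WORDS = ("mikeyy", "mikey", "mooney", "michaelangelo",
               "stalk", "daily", "notify me")
# Assumption: a small sample of URL-shortener hosts (the post lists none).
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "is.gd", "tr.im"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def triage_tweet(text):
    """Return a sorted list of reasons not to click anything in this tweet."""
    reasons = set()
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?)")
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        if host in SHORTENER_HOSTS:
            reasons.add("shortened-url")
        # Strip separators so "notify-me" and "notifyme" both match "notify me".
        compact = re.sub(r"[^a-z0-9]", "", (host + parsed.path).lower())
        if any(w.replace(" ", "") in compact for w in WATCH_WORDS):
            reasons.add("watch-word-in-url")
    # Check the remaining tweet text separately from its URLs.
    body = URL_RE.sub(" ", text).lower()
    if "mikeyy" in body:
        reasons.add("mentions-mikeyy")
    if "notify me" in body:
        reasons.add("mentions-notify-me")
    return sorted(reasons)


if __name__ == "__main__":
    # Constructed sample tweets, not captured from the attack.
    samples = [
        "Good advice at http://ungravenimage.com/blog",
        "Worm fix here http://bit.ly/abc123",
        "Twitter says all clear! http://example.com/mikeyy-update",
        "Morning headlines http://dailynews.example/today",
    ]
    for tweet in samples:
        print(triage_tweet(tweet) or ["no-rule-matched"], "<-", tweet)
```

The last sample shows the cost of matching broad words such as “Daily”: unrelated sites are flagged too, which is acceptable for a short-lived block list but not for a permanent filter.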
I have stepped in now and have stepped in to help in the Twitter Village at other times. I will continue to do my best to help my followers stay safe. If you study the lives of artists like van Gogh, Da Vinci, Picasso, Goya, David, etc. you will note that artists often step in to help or alert their communities through their art, but also by participating. In a way, to me, being a helpful part of my community is a part of my job description and role as an artist.
HOW TO BENEFIT FROM THESE ATTACKS
Mikeyy has found a great way to reveal some of the very best people to follow. Who better to follow than the people who will watch your back, alert and update you to problems?
Use http://search.twitter.com and enter in pertinent keywords, such as #stalk, #stalkdaily, #mikeyy, #phishing. Then scroll down and back as far as you can. You want to follow the early Twitter people who sounded and helped sound the alarm via RTs, and then kept sending and RTing news and updates to help others. Beware the very Johnny-come-latelys who just tweet at the end of the problem. Discriminate between those asking questions or just chatting and those who are really actively Tweeting to send helpful information. Yes, of course, you will see my ID there, but since you are already reading this at my blog, probably you know about me. Find other great people!
DISCLAIMER
I am not in any way associated with Pete Cashmore, @mashable or any of his work. He is an excellent source for information and any seeming promotion is simply because at the moment he is the very best source of breaking news about the current Twitter problem that we have.
However, so far Pete Cashmore has basically reposted info he gets from Twitter’s blog and from @spam. Three times Twitter has announced that they thought the situation was under control and as we know these assurances were mistaken.
FINAL WORD
If you have more good advice please enter it in a comment to this blog. Always add your @ ID so people can find and follow you!
There are two previous blogs about the problem. Skim them but be sure to read the comments.
Please stay safe! Twitter is a wonderful opportunity to make connections. It’s all about relationships! That’s why I follow all followers back.








[...] I am not entirely sure I agree with Ungraven Image’s outlook on how the worm could affect other accounts, and as I mentioned in comments, I [...]