Art & Inspiration Blog

Following an attack the previous night on Twitter, 17 year old Mikey Mooney launched a second worm attack on Twitter today, Easter Sunday The attacks are suspiciously mirroring many of the phishing attacks on Twitter on a weekend in January 2009.

At that time people were infected when the followed shortened URL links to supposedly legitimate sites that were sent by their friends on Twitter. Except, it was not their friends who were sending the links, it was the phishers who had gained access to these accounts.

After last night’s attack of the StalkDaily worm, I wrote in a previous post and in Tweets that I was waiting for the second shoe to faill. Although Twitter assured us the hole in their code was fixed, the similarities were too striking for me.

Also, I did not and do not see the benefit for Mikeyy The self confessed perpetrator of the worms attacking Twitter. According to the news, he was just bored. However as the story unfolds, he is after money and too smart to be bored. The missing factor is how he expects to gain money from the initial or second attacks.

If I am smart enough to recognize that many people use the same passwords and nicknames on many accounts, including bank and credit cards online, so is Mikeyy. I also know that he can and has already gained this information from man Twitter accounts. He does not need to breach these accounts himself from the USA , He can sell the info to people in other countries who cannot be prosecuted.

Is this speculation? Sure. But, there has to be a better reason behind the second attack than boredom.

WHAT TO DO IF YOU’RE ON TWITTER NOW

•  DO not click on any Avatars or Twitter IDs, for instance, mine is @judyrey. Instead cut and paste them if you want to message anyone directly. Profile pages are infecting visitors, and by the time you can tell a person’s page is infected, it is too late—so are you!

•  Do not Open, send or RT any shortened URLs except for the ones in the updates at http://twitter.com/mashable PERIOD! Do not even trust shortened URLs that seem to come from @mashable in RTs. The sender could be a compromised account.

•  Use only full domain URLs. Such as http://ungravenimage.com/blog . Although this is not actually a direct link to this post, it works and is safe.

•  If you have the browser FoxFire use it instead of I>R> and immediately download the FREE NoScript app at https://addons.mozilla.org/en-US/firefox/addon/722

•  Accessing Twitter on the Web use 3rd party app like TweetDeck or Seesmic Desktop for now Am not sure if this will totally prevent infection but you are less likely to be. Again, avoid profiles, which are a source of the infection.

•  If You’re not using Firefox with NoScript then disable javascript in your browser.{Note—readers are requested to post info in comments to this post as to how to disable javascript in IE, Foxfire, Chrome & all other browsers. TY!]

•  If you use the same password on Twitter that you use for any other accounts change your Twitter password immediately!

•  Check your own Twitter settings to make sure your account has not been compromised. Look to see that your location and the URL listed are correct. If they are not correct you are infected.

WHAT TO DO IF YOU ARE INFECTED

In your browser settings, clear your cache and cookies (Smart to do now even if you are not infected. I did it last night, although you have to reenter many passwords to sites manually as a result.

1. Turn off javascript in your browser
2. Reset your Twitter password
3. Go to your online financial sites and change your passwords and log in names. Do this even if the passwords and names differ from those on Twitter. Best to be fully safe.
4. Go to Twitter and fix any changes to your profile such as your website’s URl or your location. Check carefully for any changes.
5. Change any other valuable passwords where you could be vulnerable, such as to your website(s) or other social media sites.
6. Re-enable javascript and check the Design section of your Twitter profile. If anything has changed, fully delete it . Then replace with your own avatar, colors or background.
7. Delete any tweets made on your account by anyone but you, especially look for ones that contain the Mikeyy or Mickeyy name or StalkDaily;
8. Log out of Twitter.
9. Log in to Twitter using a third party app or Foxfire with NoScript installed to access Twitter on the web.
10. to make sure there are no changes to your profile colors. If there are, delete these too and replace with whatever colors you want.

Note that no one has yet reported that their financial info has bee breached, credit cars uses, etc., but this is a holiday weekend. If this happens it will not be immediately noticed. So if your information has been compromise by the Mikeyy or StalkDaily worm take action now. Then watch your credit cards and other information carefully for awhile.

MESSAGES TO WATCH FOR:

Reportedly these messages were launched from compromised accounts. If you see one, avoid going to that Twitter account’s profile page – but at this point you should avoid ALL profile pages. Period. Send a reply using cut and paste only. Do not click on avatars or on @ IDs.

•  Any Tweets with word Mikeyy can come from an infected source or ID. This means that even the people sending good info and updates about the worm, virus or attack can be infected—or not. One of the most insidious aspects of a phishing or worm attack on Twitter is that the messages coming from the people we trust may not actually be from them.

•  Be extra careful about messages that report the attack is over. If you see such messages DO NOT click on any link. Instead check out the info at http://twitter.com/mashable and http://blog.twitter.com directly for yourself.

•  Keep a tab open at http://search.twitter.com and check #Mikeyy and #phishing for updates. Keep an eye on the right column’s trending topics. Mikeyy has said another attack will launch to change out Twitter backgrounds. It is quite possible that we can expect more problems.

•  Follow me: http://twitter.com/judyrey I have helped in the prior attacks [See: Life Lessons Learned from the Phishing Attack on Twitter ] I also helped last night [See: Phishing Attack of Stalk Daily Worm on Twitter ]

•  and have stepped in to help in the Twitter Village at other times. I will continue to do my best to help my followers stay safe. If you study the lives of artists like van Gogh, Da Vinci, Picasso, Goya, David, etc. you will note that artists often step in to help or alert their communities through their art, but also by participating. In a way, to me, being a helpful part of my community is a part of my job description and role as an artist.

HOW TO BENEFIT FROM THESE ATTACKS

Mikeyy has fond a great way to reveal some of the very best people to follow? Who better top follow that the people who will watch your back , alert and update you to problems?

Use http://search.twitter.com and enter in pertinent keywords, such as #stalk, #stalkdaily, #mikeyy, #phishing. Then scroll down and back as far as you can. You want to follow the early Twitter people who sounded and helped sound the alarm via RTs, and then kept sending and RTing news and updates to help others. Beware the very Johnny-come-latelys who just tweet at the end of the problem. Discriminate between those asking questions or just chatting and those who are really actively Tweeting to send helpful information. Ye, of course, you will se my ID there, but since you are already reading this at my blog, probably you know about me. Find other great people!

DISCLAIMER

I am not in any way associated with Peter Cashmore, @mashable or any of his work. He is an excellent source for information and any seeming promotion is simply because at the moment he is the very best source of breaking news about the current Twitter problem that we have.

FINAL WORD

If you have more good advice please enter it in a comment to this blog. Always add your @ ID so people can find and follow you!

Please stay safe! Twitter is a wonderful opportunity to make connections. It’s all about relationships! That’s why I follow all followers back.

This entry was posted on Sunday, April 12th, 2009 at 10:30 pm and is filed under Art Theory and Show Reviews. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.