In association with heise online

13 April 2009, 10:14

StalkDaily/Mikeyy continues to flood Twitter

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Despite Twitter saying the initial issue with the StalkDaily worm had been resolved, Twitter users are now seeing the effects of a fourth generation of the worm. Now known as the Mikeyy worm, after Mikeyy Mooney, a 17 year old who claimed responsibility, the new worm promotes Mikeyy and taunts Twitter with messages such as "Twitter, hire Mikeyy! (718) 312-8131 :)", "Twitter, your community is going to be mad at you... - Mikeyy" and "This is all Twitters fault! Don't blame Mikeyy!!". Other messages sent by the worm offer instructions on how to remove it but also link to infected user profiles.

The latest variant changes an infected user's name to inject a script element into the head section which directs the browser to include a script called ajax.js from This contains an obfuscated script which will hijack the Twitter account of anyone who visits the user's profile page while logged in to Twitter. F-Secure's blog reports that the latest generation was apparently launched from a freshly registered account "cleaningUpMikey".

If infected, a user needs to edit their profile to remove the exploit. Disabling JavaScript can prevent the problem, but does reduce the functionality of other sites. Firefox users can install NoScript to control which sites can execute JavaScript and ensure that is not allowed to do so. To avoid infection, the advice for users is to use a third party client to access Twitter and not to view user profiles through a web browser. The latter part is somewhat harder as shortened URLs, common on Twitter, obfuscate the actual URL.

Twitter administrators have responded saying they were taking action to block the latest generation of the worm, and The H notes that as of writing, new Mikeyy infected messages seem to be falling off, being replaced with tweets about the worm.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit