Ubuntu / Linux news and application reviews.

It’s turning into quite a weekend for Twitter: a new exploit has been created carrying the name of the 17 year old who supposedly created yesterday’s StalkDaily worm. We should emphasize that the attack is more of a nuisance than malicious - its only activity is to post unwanted messages.

The “mikeyy” attack posted messages into user’s Twitter streams early Sunday using much the same technique as StalkDaily. At the time of writing, it’s still live and posting messages which contain the name “mikeyy”. The messages include the following:

Mikeyy I am done…
MikeyyMikeyy is done..
Twitter please fix this, regards Mikeyy
Man, Twitter can’t fix sh*t. Mikeyy owns. :)
Dude, Mikeyy is the sh*t! :)
Twitter should really fix this…

Mikeyy appears to use the same technique as StalkDaily, suggesting that the issue has not been fully fixed: exactly like yesterday’s exploit, it adds an executable script after #color in the CSS. There are multiple user-editable fields in the Twitter settings, and our best guess is that the exploit is using a different field for input.

It appears to be more of a nuisance than malicious at this point - the attacker is pointing out that Twitter has not fully fixed the issue.

To prevent infection, it’s smart to:

1. Stop visiting Twitter profiles on the web, since these are the source -

2. You might want use a 3rd party app like TweetDeck (TweetDeck reviews) or Seesmic Desktop for now

3. Disable javascript in your browser settings, or use a Firefox (Firefox reviews) add-on like no-script, which stops unwanted scripts from running

If you’re affected by Mikeyy, it’s smart to:

1. In your browser settings, clear your cache and cookies

2. Also in your browser settings, turn off javascript

3. Log into Twitter. Go to your Twitter settings and check for anything suspicious, particularly in the URL or location. If there’s anything there, delete it fully and replace with your actual URL and location.

4. Re-enable javascript and check the Design section of your Twitter profile to make sure there are no changes to your profile colors. If there are, delete these too and replace with whatever colors you want.

5. Delete unwanted Tweets containing Mikeyy

6. As an extra precaution, reset your Twitter password.

7. Log out of your account.

8. Since there are claims that Mikeyy may re-activate on login at Twitter.com, you may wish to continue using Twitter via a desktop client like TweetDeck or Seesmic Desktop, rather than on the web.

[via mashable]