Daily Archives: April 12, 2009

saturday night unspecial: stalkdaily worm hits twitter.

Is it possible to create a viral script that can invade your account just by mousing over a link? Having encountered the StalkDaily virus, I’m sorry to say the answer appears to be yes.

Happened earlier this evening as I visited accounts of new people who had started following me on Twitter. One thing I look for in a profile is whether the user has a blog, and I saw that one (a fellow Mariners fan; hasn’t she suffered enough) had her home page listed as http://www.stalkd… (with a character limit). Curious what kind of blog name that may be, I moused over it, which usually reveals a link name in the bottom left of my Firefox browser. No name appeared. That should have been my first indication something was amiss.

I returned to my Twitter page and after a refresh saw that my account was listed as telling other people to visit StalkDaily[-dot-]com. Repeatedly. I was confused. So I clicked onto my profile page and saw that this address was now listed as my Web home page. Somehow, just by the mouseover enabling some JavaScript function (if that’s the right word; I’m not hardcore technical at all), my listed home page changed and some kind of feed bringing these messages through my Twitter account had become enabled. The simple and insidious nature of the invasion struck me as quite breathtaking.

To mitigate, I deleted those tweets, changed my Web page back, created a new password and logged out. I found other sites that recommend clearing your cache and your cookies as well, so I complied as best I could. The Twittercism blog gives more information, and TechCrunch says it appeared to be an XSS attack. Great. New acronyms to fear.

Interesting that the viral attack was counterattacked via viral marketing, as a few Tweeps started warning everyone about it and then the information was retweeted (RTed) around the Twitterverse. If there are heinous folks out there figuring out ways to infect us when we merely mouse over a link — until now not a harmful maneuver — it’s good to know that the human desire to help and warn one another is as strong as ever.
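
For readers wondering how a "home page" field on a profile can end up running script, here is an added example (not from the original post, and not Twitter's code) of the general XSS class TechCrunch's description points to: a user-supplied URL rendered into a link without validation, next to a hardened version. The function names and sample values are constructed, and the exact injection used by StalkDaily is not described in the post, so the weak renderer is an assumption about the class of bug, not a reconstruction.

```javascript
// Added example: safe rendering of a user-supplied "home page" profile field.
// All names and sample values are constructed for illustration.

// Encode the characters that can end an attribute value or open a tag.
function escapeHtmlAttr(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[ch]));
}

// Accept only absolute http(s) URLs; return the parser's normalized form or null.
function normalizeProfileUrl(input) {
  let url;
  try {
    url = new URL(String(input).trim());
  } catch (err) {
    return null; // not parseable as an absolute URL
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return null; // rejects javascript:, data: and any other scheme
  }
  return url.href; // quotes and spaces in the path come back percent-encoded
}

// Weak version (assumed): the stored value is pasted straight into the markup.
function renderProfileLinkUnsafe(stored) {
  return '<a href="' + stored + '">' + stored + '</a>';
}

// Hardened version: validate the scheme, then encode for the HTML context.
function renderProfileLink(stored) {
  const href = normalizeProfileUrl(stored);
  if (href === null) {
    return '<span class="profile-url-invalid">(no valid home page)</span>';
  }
  const safe = escapeHtmlAttr(href);
  return '<a href="' + safe + '" rel="nofollow noopener">' + safe + '</a>';
}

// Constructed profile value that tries to close the href and add a handler.
const sample = 'http://blog.example/" onmouseover="alert(1)';
console.log(renderProfileLinkUnsafe(sample)); // handler lands as a real attribute
console.log(renderProfileLink(sample));       // same text stays inside the href
```

Validation and encoding are both needed: the scheme check stops `javascript:` links, and the encoding step covers characters such as `&` that the URL parser leaves alone.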

