Is it possible to create a viral script that can invade your account just by mousing over a link? Having encountered the StalkDaily virus, I’m sorry to say the answer appears to be yes.
Happened earlier this evening as I visited accounts of new people who had started following me on Twitter. One thing I look for in a profile is whether the user has a blog, and I saw that one (a fellow Mariners fan; hasn’t she suffered enough) had her home page listed as http://www.stalkd… (with a character limit). Curious what kind of blog name that may be, I moused over it, which usually reveals a link name in the bottom left of my Firefox browser. No name appeared. That should have been my first indication something was amiss.
To mitigate, I deleted those tweets, changed my Web page back, created a new password and logged out. I found other sites that recommend clearing your cache and your cookies as well, so I complied as best I could. The Twittercism blog gives more information, and TechCrunch says it appeared to be an XSS attack. Great. New acronyms to fear.
Interesting that the viral attack was counterattacked via viral marketing, as a few Tweeps started warning everyone about it and then the information was retweeted (RTed) around the Twitterverse. If there are heinous folks out there figuring out ways to infect us when we merely mouse over a link — until now not a harmful maneuver — it’s good to know that the human desire to help and warn one another is as strong as ever.