Surviving the Twitter Worm
Like hundreds of others, I watched a little worm wiggle through the part of the online universe that revolves around Twitter. The malicious worm worked by making several XSS attacks on Twitter, apparently all originating from the same hacker. The attacks caused a little distress for some people because they started following people they never vetted, they started sending tweets they never typed and they started cross-posting snippets of code to places they never intended. The distress stemmed from Mikeyy, a programmer with some clever JavaScript skills. From my perspective, I saw the worm making its rounds when several people I follow sent exactly the same tweets and then I spotted those tweets in Seesmic Desktop, where lines of code were exposed in plain view. Here are the common strings of text that Mikeyy spawned in accounts I follow:
How TO remove new Mikeyy worm! RT!! http://bit.ly/yCL1s
This worm is getting out of hand Twitter. - Mikeyy
Twitter, your community is going to be mad at you… - Mikeyy
Then during a very quiet hour (between 4 AM and 5 AM local time), I watched a minimum of five people follow me every time I tweeted from Gravity or Seesmic Desktop. Over in Facebook and also on FriendFeed, I read parts of my newsfeed that rebroadcast little tidbits like telling Twitter to hire Mikeyy, another one of the tweets that would spawn from an infected account. People got infected by allowing their browsers to activate JavaScript-powered code. Then many of those people didn't know how to restore their accounts to a safe setting. I stayed away from the threat by following a few procedures.
First, I use a secondary application when viewing Twitter. I prefer Seesmic Desktop (free) on my laptop or Gravity (€10) on my Nokia E90. JavaScript doesn't interact with those clients. I trust those clients more than I trust Twitter.
Second, I routinely listen to myself through a second account or via RSS feed. That way, I can see what either I or some agent is doing to my Twitter account. I believe it's important to listen well if you want to experience vibrant online conversation.
Third, I know how to clear cache, disable JavaScript, or find Twitter through its mobile version on my laptop. I think these should be essential skills for anyone driving around on the internet--like a driver's test.
Fourth, most days, I run CCleaner, an application that seems to clear away cookies and cache more efficiently than when I complete the process manually.
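The second habit above, checking your own feed for posts you did not write, sketched as an added example that is not part of the original post. It compares a constructed RSS sample against a hypothetical local log of what was actually sent and also flags the "Mikeyy" marker from the tweets quoted earlier; the account name, feed layout and sent log are assumptions.

```python
import xml.etree.ElementTree as ET

# Marker taken from the worm tweets quoted in this post.
WORM_MARKERS = ("mikeyy",)

# Constructed sample feed; "example_user" and the "account: text" title
# layout are assumptions for illustration.
SAMPLE_FEED = """<rss version="2.0"><channel>
<item><guid>1001</guid><title>example_user: Heading to the lecture hall now</title></item>
<item><guid>1002</guid><title>example_user: This worm is getting out of hand Twitter. - Mikeyy</title></item>
<item><guid>1003</guid><title>example_user: Coffee  before the 9am class</title></item>
<item><guid>1004</guid><title>example_user: Photo from the train</title></item>
</channel></rss>"""

# Constructed record of what the account owner actually typed and sent.
SENT_LOG = ["Heading to the lecture hall now", "Coffee before the 9am class"]

def normalize(text):
    """Collapse whitespace and case so cosmetic differences do not alert."""
    return " ".join(text.split()).casefold()

def audit_feed(feed_xml, account, sent_log):
    """Return (guid, text, reasons) for each feed item the owner cannot vouch for."""
    sent = {normalize(t) for t in sent_log}
    prefix = account + ": "
    findings = []
    # For a live feed, fetch over HTTPS and use a hardened XML parser.
    for item in ET.fromstring(feed_xml).iter("item"):
        title = item.findtext("title", default="")
        text = title[len(prefix):] if title.startswith(prefix) else title
        norm = normalize(text)
        reasons = []
        if norm not in sent:
            reasons.append("not in sent log")
        if any(marker in norm for marker in WORM_MARKERS):
            reasons.append("worm marker")
        if reasons:
            findings.append((item.findtext("guid", default=""), text, reasons))
    return findings

if __name__ == "__main__":
    for guid, text, reasons in audit_feed(SAMPLE_FEED, "example_user", SENT_LOG):
        print(guid, "|", text, "|", ", ".join(reasons))
```

An item that is missing from the sent log but carries no marker (1004 here) may simply have been posted from another device, so it is reported for review rather than treated as proof of compromise.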
It will be interesting to see how Twitter's brand survives this latest little onslaught. Of all my commonly used communications applications, Twitter is the only one that permits me to log in from several touchpoints simultaneously. I don't think session management is a planning consideration from Twitter's engineers. Twitter also has weaknesses with its infrastructure that are well-reviewed elsewhere. To remedy those deficiencies and to move up to being an enterprise-class communications system, a mainframe back end would have to be rolled into place. The cost in terms of expertise and hardware is probably unfunded in the Twitter business plan.
So for now, it's back to watching Mikeyy trend on Twitter's search screen and to remember what it means to browse safely.
More: ZDNET -- "Viruses and worms"
John Resig -- "Versions of Javascript"














