ReadWriteWeb

StalkDaily: A New Twitter Virus on the Loose?

Written by Lidija Davis / April 11, 2009 4:41 PM / 16 Comments
« Prior Post Next Post »

twitter_apr_09.jpgNetwork World is reporting a new Twitter virus has been making the rounds today. At best the virus will auto-tweet this message: "Hey everyone, join StalkDaily.com. It's a site like Twitter but with pictures, videos and so much more." At worst, it may lock you out of your Twitter account as noted by Sheamus Bennett at Twittercism.

"Whatever you do," suggests Bennett, "don't visit StalkDaily.com. Even without registering or logging on to the site it somehow infects your Twitter profile." Curt Monash over on Network World, however, suggests you can get infected without visiting the site; clicking on the GangsterBoy Twitter account could be enough to cause the infection.

While no one has been able to verify what is going on and we have had no official word from Twitter [update below], Bennet recommends the following steps to remove StalkDaily from your Twitter profile if you think you've been infected.

  1. In your browser, clear your cache and empty all of your cookies. (This can be found in your settings.)
  2. Log out of TweetDeck or any external applications you are using.
  3. On Twitter.com, change your password.
  4. Log back in. It should be okay. If so, log back into TweetDeck et al.
  5. Go back and delete any tweets sent by you recommending StalkDaily. This is important.

Monash, who has been furiously sending messages to the @spam team to remove the seemingly malicious Gangsterboy account offers a suggestion from @pilot: disable scripts via NoScript in FireFox.

According to Bennett's latest tweet, there have not been any new instances of it in quite a while.

Update:

Twitter's Spam account has issued an update stating that it is aware of StalkDaily, is working to shut it down and recommends doing a password reset if you're locked out of your account as it may have reset your password for safety reasons.

« Prior Post Next Post »
Posted in and tagged with

Related Entries


Comments

Subscribe to comments for this post OR Subscribe to comments for all ReadWriteWeb posts

  1. StalkDaily.com is harmless (view the source, only Google Analytics and statcounter.com code). The dangerous thing is an XSS exploit where unescaped code can be put in your bio.

    Posted by: Elijah Grey | April 11, 2009 5:57 PM



  2. To add to my last comment, I'm not implying that StalkDaily.com isn't responsible, which I think they are. I'm just implying that it's safe to go to the website.

    Posted by: Elijah Grey | April 11, 2009 5:59 PM



  3. Time to block that domain name - try http://opendns.com or hack your hosts file.

     Posted by: Bill Author Profile Page Posted on FriendFeed   | April 11, 2009 6:36 PM



  4. Post informative,also send me details how to be on twiter.

    Posted by: ranjith | April 11, 2009 10:53 PM



  5. The code is here: http://gist.github.com/93782 - It's pretty benign - you just need to update your profile if you get infected.

    When you visit an infected page on twitter it will grab your authentication token (which is inserted in every twitter page you visit) and use this to update your profile.

    To do so it simply sets your website to a dodgy url and closes off the link tag - then writes a script link to the dodgy code, and then opens up a new link tag (see line 104). Twitter goes to wrap your url in it's own link tag, thinking everything is normal. Then if anyone visits your profile, they also get their profile page updated.

    Twitter REALLY shouldn't let you put url encoded script tags in your web address ;)

    Posted by: Mr Speaker | April 11, 2009 11:42 PM



  6. Glad I stumbled into this article! I have you bookmarked to check out new stuff you post.

    Posted by: Kampanye Damai Pemilu Indonesia 2009 | April 12, 2009 12:17 AM



  7. But there are not visits redirected to stalkdaily.

    Posted by: rates | April 12, 2009 12:42 AM



  8. I got infected this morning when looking at profiles of people who had recently followed me - the one that infected me was called onedegrees. I have been locked out of Twitter account so I ma now advising everyone to unfollow me and I am in the process of deleting all twitter elements from my blogs and website and any other social media sites including facebook. Thought this information would be useful to you but I don't know if I will be coming back to Twitter as this hassle I don't need.

     Posted by: Pearletta Author Profile Page | April 12, 2009 3:37 AM



  9. wow didn't know about such virus. Just got here in this article in time.

    http://twitter.com/nepalsites

    Posted by: Interesting Blog | April 12, 2009 4:26 AM



  10. There will be always problems included with these shortenting URLs as every one expecting it,some one made use of it and spread the virus.

    Posted by: venkat | April 12, 2009 4:34 AM



  11. I just hope this new virus doesnt create any havoc... God bless..

    Posted by: Yogindernath | April 12, 2009 5:39 AM



  12. I am glad that i came to know about this information.. Thanks for sharing about this deadly virus..

    Posted by: Jackie | April 12, 2009 5:44 AM



  13. I never knew about this virus..Lets hope we dont get affected by it..

    Posted by: Brendon | April 12, 2009 5:46 AM



  14. Thanks for this information.. I really don't have any idea about this virus.

    Posted by: ITrush | April 12, 2009 6:34 AM



  15. Thanks for the heads up!

    Posted by: virtual online worlds for kids | April 15, 2009 4:46 AM



  16. Of course, now it's the "best video" scam, with a link... propagating itself over and over again. Twitter ought to shut down right now.

    Posted by: Almond Davis | May 30, 2009 10:00 AM



Leave a comment

Optional: Sign in with Connect Facebook   Sign in with Twitter Twitter   Sign in with OpenID OpenID  |  

If you think Twitter is big, check out the Real-Time Web
RWW SPONSORS



FOLLOW @RWW ON TWITTER

ReadWriteWeb on Facebook



POPULAR TAGS

TEXT LINK ADS



RWW PARTNERS