Today, Twitter was infamously attacked by a worm which maliciously affected accounts by forcing them to post a link to the website StalkDaily. I spoke to its creator, 17-year-old Michael Mooney, who lives in Winnfield, Louisiana.
NND: Do you have Twitter?
MM: I did, but they are now all suspended.
NND: How long did it take you to create the
MM: Around 2 hours. I created it last night.
NND: And why did you create the worm?
MM: Out of boredom. It was the middle of the night and I had nothing else better to do. I noticed the XSS vulnerability about a week back and decided to fiddle with it.
NND: How was the code behind the worm found?
MM: Well, when most of the users get infected with the “worm”, it auto-updates their profile with the script for the JavaScript (XSS), and I guess from that someone decided to take a look into the input fields of Twitter and noticed something.
NND: When do you plan to deactivate the worm?
MM: As soon as they are able to sanitize their fields correctly, or promptly address me to remove it.
NND: So Twitter has not yet contacted you about this?
MM: Not at all.
NND: Do you realise that you’ve angered and upset a lot of people?
MM: Yes, I have realised that. I feel pretty bad about it, but it’s not me that left the vulnerability out in the open. I could be storing their data for bad, yet I am just posting data from their account, which will quickly address Twitter that something is wrong. Though if no one were to do something quickly, someone else could do something like me but store data, such as their email, name, mobile number, and use it for future spamming.
NND: There is a new worm floating around Twitter, which forces users to post Tweets saying that you ‘own’. Is that all that the new worm does?
MM: No, right now the worm only grabs the user’s auth token from their browser using JavaScript, then updates their profile with the worm’s script, then updates their status, then follows a user.
NND: Which user does it follow?
MM: @onedegrees
NND: Will you be releasing any more worms?
MM: I’m not sure, depends on if Twitter sanitizes their fields.
NND: Is there any way to stop the Tweets?
MM: I don’t think so; you could disable JavaScript to prevent the XSS from being executed.
NND: The worm also removes the backgrounds of Twitter users’ pages?
MM: Yes, the new one does. It was another XSS I found.
NND: Do you realise you could be arrested for this?
MM: Yes, I’m aware. I’m not worried though. I know that it could land me in jail.
After this, Mikey signed off and told us that we are ‘as annoying as f**k’.