Tumblr patches hole after malicious site attack

JMH

Emeritus, Contributor
Joined
Apr 2, 2012
Posts
7,197
Popular online social networking site Tumblr was ravaged on Monday by an Internet worm that spewed racist and inflammatory messages across thousands of user accounts.

The malicious hacking group known as GNAA claimed responsibility. The group has a history of menacing online communities with inflammatory messages, an activity known as trolling. Tumblr has since fixed the security vulnerability that led to the propagation, according to the company.

The self-replicating software that quickly propagated across the site added new Tumblr entries to an untold number of user accounts. It also threatened to remove all of a user's content if the offending posts were removed.

The organization instigated the attack to protest excessive self-righteousness on the part of bloggers, according to a GNAA spokesman who answered questions by email. The replicated entry called Tumblr users "self-insisting, self-deprecating, self-indulgent empty husks of human beings." The message was tagged with the keyword "bronies," which is a group of adult fans of "My Little Pony: Friendship Is Magic," an animated television show for children.

Brooklyn, New York, resident Amanda Lucci was one Tumblr user affected by the worm. She had read on Twitter early Monday morning Eastern time that the news site Daily Dot was hacked. Because her computer was logged into Tumblr at the time, when she clicked on the Twitter link to access Daily Dot, the GNAA message replicated multiple times onto her Tumblr account.
http://www.itworld.com/security/324790/tumblr-patches-hole-after-malicious-site-attack
 
How the Tumblr worm spread so quickly

Although Tumblr is now cleaning-up pages which were affected by today's worm, SophosLabs was able to briefly explore how the infection spread.

It appears that the worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages.

Each affected post had some malicious code embedded inside them:

http://nakedsecurity.sophos.com/201...Feed:+nakedsecurity+(Naked+Security+-+Sophos)
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top