Content
JS/Twettir
- Type
- Internet Worm
- SubType
- JavaScript
- Discovery Date
- 04/12/2009
- Length
- Varies
- Minimum DAT
- 5583 (04/13/2009)
- Updated DAT
- 5583 (04/13/2009)
- Minimum Engine
- 5.2.00
- Description Added
- 04/12/2009
- Description Modified
- 04/13/2009 9:38 AM (PT)
Risk Assessment
- Corporate User
- Low-Profiled
- Home User
- Low-Profiled
Tab Navigation
Characteristics
JS/Twettir is the detection for a JavaScript that exploits a cross site scripting vulnerability in Twitter to infect other user profiles.
Once an infected profile is viewed, it executes and injects a JavaScript code in the viewers profile causing them to be infected as well.
This worm sends messages to all contacts containing any of the following strings:
- Dude, www.StalkDaily.com is awesome. What's the fuss?
- Join www.StalkDaily.com everyone!
- Woooo, www.StalkDaily.com :)
- Virus!? What? www.StalkDaily.com is legit!
- Wow...www.StalkDaily.com
- @twitter www.StalkDaily.com
- Twitter has been hacked !!!
- Twitter worm, read here
- StalkDaily worm on Twitter, more info
- HOWTO: Remove StalkDaily.com Auto-Tweets From Your Infected Twitter Profile | Twittercism
- #Stalkdaily virus runs riots on twitter. Learn how to remove it
Symptoms
Messages are sent containing the strings mentioned.
Method of Infection
Twitter profile are infected through cross site scripting when an infected profile is viewed.
Removal
AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.
Variants
Variants
N/A
All Information
Overview -
-- Update April 13, 2009 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://news.cnet.com/8301-1009_3-10217684-83.html
--
JS/Twettir is the detection for a JavaScript that exploits a cross site scripting vulnerability in Twitter to infect other user profiles.
Aliases
- JS.Twettir (Symantec)
Characteristics
Characteristics -
JS/Twettir is the detection for a JavaScript that exploits a cross site scripting vulnerability in Twitter to infect other user profiles.
Once an infected profile is viewed, it executes and injects a JavaScript code in the viewers profile causing them to be infected as well.
This worm sends messages to all contacts containing any of the following strings:
- Dude, www.StalkDaily.com is awesome. What's the fuss?
- Join www.StalkDaily.com everyone!
- Woooo, www.StalkDaily.com :)
- Virus!? What? www.StalkDaily.com is legit!
- Wow...www.StalkDaily.com
- @twitter www.StalkDaily.com
- Twitter has been hacked !!!
- Twitter worm, read here
- StalkDaily worm on Twitter, more info
- HOWTO: Remove StalkDaily.com Auto-Tweets From Your Infected Twitter Profile | Twittercism
- #Stalkdaily virus runs riots on twitter. Learn how to remove it
Symptoms
Symptoms -
Messages are sent containing the strings mentioned.
Method of Infection
Method of Infection -
Twitter profile are infected through cross site scripting when an infected profile is viewed.
Removal -
Removal -
AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.
Additional Windows ME/XP removal considerations
Variants
Variants -
N/A
