HOWTO: Remove StalkDaily.com From Your Infected Twitter Profile (UPDATED)
The issue on Twitter has now been rectified but please read and take the steps below if you are infected. For tips on how you can protect yourself in the future from these exploits, go here. For help on removing the Mikeyy worm, go here.
Twitter was hit hard today by StalkDaily, a cross-site scripting (XSS) exploit that will make you auto-tweet recommendations to the site all day long. It did it four times for me before I noticed.

You can get infected by visiting StalkDaily.com (don’t do it), as well as by opening the user profiles of other infected accounts within Twitter. Twitter is seriously infected with it. To check if you are, visit http://search.twitter.com and enter your username and the word stalkdaily.com as a search query, i.e.
sheamus stalkdaily.com
This will show whether you have sent out any tweets without realising it.
Removing StalkDaily From Your Twitter Profile
- In your browser, clear your cache and empty all of your cookies. (This can be found in your settings.)
- Log out of TweetDeck or any external applications you are using.
- Check the URL and location areas of your profile (in Settings/Account on Twitter.com) for evidence of any malicious scripts. It’ll be obvious – something you haven’t added to these areas yourself. If you find anything, remove it. (Note: there was nothing in my profile, but I was still hit. Taking the rest of these steps still fixed the issue.)
- On Twitter.com, change your password.
- Log back in. It should be okay. If so, log back into TweetDeck et al.
- Go back and delete any tweets sent by you recommending StalkDaily. This is important.
- Report @stalkdaily in a tweet to Twitter’s @spam account as follows:
@spam @stalkdaily
DO NOT visit StalkDaily.com. Do not visit the profiles of users who are clearly infected.
If you later find yourself locked out of your Twitter account, this is a protective measure on Twitter’s part. You will need to reset your password on Twitter to log back in.
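The check in step 3 (looking at the URL and location fields for script you did not add) can also be written as code. This is an added example, not code from the original post or from Twitter; the function names, field names and sample profile values are constructed for illustration. It also shows the output escaping that makes such a value inert when a page renders it.

```javascript
// Added example. Function names, field names and sample values are constructed.
const URL_MARKUP = /[<>"'`\s]|%3c|%3e|%22/i; // raw or percent-encoded tag/quote syntax
const TEXT_MARKUP = /[<>"]/;                  // a location is plain text, never tags

// Escape a value before placing it in HTML text or a quoted attribute.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// The profile URL should be empty or a plain http(s) address.
function checkProfileUrl(value) {
  const findings = [];
  if (value === "") return findings;
  if (URL_MARKUP.test(value)) findings.push("tag or quote characters in URL");
  try {
    const scheme = new URL(value).protocol;
    if (scheme !== "http:" && scheme !== "https:") findings.push("scheme " + scheme);
  } catch (err) {
    findings.push("not a valid absolute URL");
  }
  return findings;
}

// The location is free text; an apostrophe is fine, tag syntax is not.
function checkLocation(value) {
  return TEXT_MARKUP.test(value) ? ["tag or quote characters in location"] : [];
}

function auditProfile(profile) {
  const url = checkProfileUrl(profile.url || "");
  const location = checkLocation(profile.location || "");
  return { url, location, suspicious: url.length + location.length > 0 };
}

// Constructed samples: one untouched profile, one with markup in both fields.
const clean = { url: "https://example.org/blog", location: "Dublin, Ireland" };
const tampered = {
  url: 'https://example.org/"><script src="https://placeholder.invalid/a.js"></script>',
  location: 'Dublin"><script></script>',
};

console.log(auditProfile(clean));
console.log(auditProfile(tampered));
console.log(escapeHtml(tampered.location));
```

A profile flagged as suspicious here is one where the field should be cleared and the password changed, as in the steps above.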
Please re-tweet this on Twitter using the button at the beginning of this post.
Thanks!

Thanks so much for this info! Happened to me this morning & I was lucky & caught it immediately. Weird thing is I did not visit the site at all that I’m aware of. I also didn’t have a script in the location field of my twitter profile as others have reported. I did change my password immediately & the spam tweet only happened once. Again, thanks so much – I’ve tweeted about your info.
Looks like it started up again! If you get any adds from gangsterboyhah, don’t click on it – it’s got a script that spams you
I got an add from him and went to see if I knew him. It showed his profile as locked. Switched back to my page and I was hacked. Password changed and updates deleted. Should we report him as well?
I hadn’t visited the site, either. Perhaps it’s spreading through infected profiles now?
You don’t have to have visited stalkdaily.com to get infected. The profile AGangster had the infection too (was the source of it?). Visiting his profile page while logged in caused a tweet to be sent on your account; that’s what the location field script did.
I got access to my account again – I reset my password a couple more times and it let me in…
Yes, there was a script in my “More Info URL:” field. I deleted it and changed my password. I never actually went to the site. Let’s see if it works.
It changes the “More Info URL” field in your settings, so people clicking on your “home page” go to StalkDaily.
To be clear – YOU DO NOT HAVE TO VISIT THIS SITE TO BE INFECTED. All you have to do is visit the page of someone infected. The location field is updated with several scripts. I think two retweet the link, and one changes the next victim’s location field.
When you are infected, their site will be on your ‘web’; you have to remove that too.
I heard this about this new virus… StalkDaily appears to be inserting JavaScript into your profile URL then taking control of your profile. Odd it happened to me and thanks to your article I cleaned everything out and rebooted. What I don’t get is the motivation? Spamming is that the ultimate insult like I would click on a site with that name let alone post it. Oh well that was interesting to say the least! Thanks
Thank you for this!
Most likely some service that accesses twitter that you have given your twitter password that has taken that database and used it to pose as you.
Thanks to all for comments and help. As said I never had any script in my profile, so I’m not sure entirely how my account got compromised, but I guess I could have missed something (or maybe the script cleaned itself up after insertion).
Either way, Twitter has still deemed it necessary to lock me out ‘temporarily’. Enormously frustrating. I can gain access by resetting my password, but that’s only through Twitter.com, and it doesn’t work on any external app, and if I log out, they lock me out again!
UPDATE: All good now. For more on this, read here.
Firefox with NoScript-Extension is your friend…
Agreed, Firefox and the noscript plugin prevent most of these problems.
@Gabriella – probable motivation is lulz and kudos. StalkDaily could be a random fallguy.
Great read, however I have another problem on Twitter. I keep receiving tweet updates that say “Finally found the BEST way to get tons of followers for FREE! http://www.morefollowers.info”. I wish I could block these status updates, but it appears as though I have posted it. In other words it’s a status update I supposedly have posted – when I haven’t. Any solution to that? I’ve even deleted my account & opened another (with the same username and password – could that also be the problem?). Help wanted ASAP as I’ve received no assistance from Twitter and my account was once suspended on Twitter due to these hourly status updates.
Help…
Yeah, looking at Twitter search it seems a lot of folk have been impacted, although there have been no new cases in the past four hours.
http://search.twitter.com/search?q=morefollowers.info
Best advice is to go to your Twitter settings/connections area at this link:
http://twitter.com/account/connections
And remove anything that shouldn’t be there. If it looks clean, raise a ticket at Twitter support, or send a polite tweet to @Delbius asking for help.
Whenever I would open Twitter I would not be in the page where the faces of the online celebrities and twitterers and the introduction of Twitter would be. Instead, I would suddenly be redirected to this part in Twitter where people are all talking about one specific… person? or place? Like a blog or forum in Twitter. My account is not hacked yet and even though I suspect it was really a virus, nothing happened to my Twitter or computer. My computer did not slow down nor was my account inaccessible or hacked. That I think is another virus in Twitter but only a less dangerous one since it only redirects you to some sort of forum (blog) in Twitter. Sometimes, when some parts of my Twitter home page are already loading, I see 10 or 11 direct messages from who I follow and follows me at the same time and when I open I realize there are only 9. What virus is this because it is not harmful but only irritating. I want to know damn it! I always clear the history, cookies and cache at least thrice a week and I use Google Chrome because it is more HD than Internet Explorer and Chrome is also faster. It is such a shame how Twitter, where most celebrities visit and have accounts, can have such viruses. I'm so disappointed Twitter. ;(
Thanks for your update!
Did all of this and got to step 3 where I noticed some rather suspicious-looking URLs! Removed them, followed the rest of the steps and now seem to be back to normal!
Thanks
Stan