Twitter Worms: How To Tell If You’re Infected
A new strain of Mikeyy is running rampant on Twitter today and the stream is focusing on little else. Twitter is working on the issue, and while I’m confident they’ll continue to close these loopholes, I’d expect mutations of these worms to continue to be an issue for the next day or two.
Meantime, a lot of people have asked me: how can I tell if I’m infected? There are several ways. And if you are, don’t panic – it’s a pretty simple cure.
Check Your Profile For Tweets You Did Not Send
Visit your profile page on Twitter (mine is http://twitter.com/sheamus). Scan through your tweet timeline for any tweets you did not send. These will say things like ‘Call Mikeyy’ or ‘Twitter, hire Mikeyy!’.
If you see anything like this that you definitely did not send, then you are infected.
Search On Twitter
If you tweet a lot it may take a while to work back through your timeline. An easier way to do this is to open a search query at http://search.twitter.com. Enter your username and Mikeyy within the search box. For example:
sheamus mikeyy
Again, if you’ve been discussing Mikeyy this will show up in the search. But you’re looking for tweets you did not send. If you see any, then you are infected.
Check Your Profile HTML Source Code
Go to your profile page, and open up the page source. (This will either be in your view menu, or possibly accessed via a right-mouse click. You’re looking for ‘view source’ or ‘open source’ or similar). These will open the HTML code for your profile page.
Look at it carefully. Do a search (CTRL+F) for ‘Mikeyy’. If you’ve mentioned Mikeyy at all, it will naturally show up in your tweets. But what we’re really looking for is malicious scripts or things added to your profile code within the design area. If you see anything suspicious, chances are you are infected.
Mouseover The Username
This will only work if you’re accessing Twitter through Twitter.com. If you mouseover an infected account’s username you may see some extra code after their name. If so, they are affected. This would work for your own name, too. (Thanks to Mac for the tip. I haven’t seen this happen myself but I have seen some users changing their username after being infected and this might be why.)
Conclusion
Infection isn’t the end of the world. Using the link provided above you can easily remove the Mikeyy worm. You might also like to read my article, “HOWTO: Protect Yourself On Twitter” for more tips on avoiding worm exploits in the future. At the moment, the worms on Twitter don’t pose any serious threat, but this is likely only the beginning.
While Twitter is working hard to close these exploit loopholes – at the time of writing the last Mikeyy auto-tweet seems to have gone out about 30 minutes ago and most of the older ones have been erased – these things typically get a lot nastier, more dangerous and damaging. It shouldn’t in any way ruin your experience within the network, but do take protective measures in the future.
Like this post? Subscribe to my RSS feed and get loads more!
Loading ...
the easiest way to tell who has it is to just mouse over their name. If you see / “> and then bunch of numbers, the person (or you) has been hit.
To clear the work you have to change your user name back to what you want it to be. Change your URL back to what you want. Save these settings. Change your password. Log out of twitter. Delete your browser cookies and history and log back in. If you don’t delete your cookies, it comes back.
To avoid getting hit you can also protect your updates for a while. Until this is over.
Don’t visit any profile unless you mouse over the name first.
Don’t follow any links that claim to link to a cure. Several worm messages link to the worm.
Thanks for the tip Mac. I haven’t seen a single instance of somebody’s name being affected on a mouseover, and I would assume this is only going to show up if you’re using Twitter.com, and not an external application. I’ll add your comments to the piece. Cheers.
Good info, Sheamus. Thx for the heads-up; I hadn’t even thought to check for worms lately. This is exactly why I direct anyone w/ Twitter questions to your blog.
Please tell us which platforms this affects. My understanding is that it can only infect in Internet Explorer?
–
Furry cows moo and decompress.
It isn’t platform dependent. Firefox can block it if you use the NoScript add-on. Without it, all browsers are vulnerable.