Twitter Squishes Worms; Author Owns Up

Media darling Twitter was hit with a series of worms this weekend, a scam that was the brainchild of a bored 17-year-old Brooklyn resident.

The micro-blogging site fell prey to four worm attacks between 2 AM Saturday Pacific time and early Monday morning, according to Twitter.

"We believe things are now under control; we'll be continuing to monitor the Mikeyy situation," the company said Monday via its @spam feed.

Mikeyy is the Internet handle used by the worm's creator. PCMag.com received an e-mail from an individual identifying himself as Mikeyy - or Michael Mooney - a 17-year-old high school student from Brooklyn and creator of StalkDaily.com.

"Yeah, I am the coder of the worm this weekend," Mooney wrote. "The worm spread through multiple XSS exploits, which then reposted data with AJAX after getting their auth token. I did this ... through infuriation with Twitter's lack of security and popularity.

Mooney acknowledged that he hoped the stunt would result in a job, "but I doubt I'll get any job offers," he said.

He has not been in contact with anyone from Twitter or law enforcement. Mooney is a "little bit" concerned about prosecution, but said he hopes he can "get out" of it since he did not cause any actual damage.

Should we expect any more Twitter attacks from Mikeyy?

"I believe I am done with Twitter related worms now, maybe with them in all," he wrote. "I believe I have caused enough publicity for myself in which I can't even handle."

Twitter first acknowledged the problems on Saturday.

"Earlier today we were informed of a malicious site that was spreading links to StalkDaily.com on Twitter without user consent via a cross-site scripting vulnerability," Twitter said on its status blog. "We've taken steps to remove the offending updates, and to close the holes that allowed this 'worm' to spread. No passwords, phone numbers, or other sensitive information were compromised as part of this attack."

At that point, about 90 accounts were compromised, Twitter later confirmed, but later in the afternoon "a second wave of the worm hit Twitter and this time it was much more intense," Twitter co-founder Biz Stone wrote in a blog post.

"About 100 accounts were compromised. Again, we identified and secured the accounts. We also identified and deleted malicious content that could work to further spread the worm," he wrote.

The third attack hit on Sunday morning and Twitter "and started fighting the attackers in real time," Stone wrote. "All told, we identified and deleted almost 10,000 tweets that could have continued to spread the worm."

At one point, the worm caused a 718 phone number to be posted to peoples' Twitter accounts, according to Internet marketer Robert Durso. Calls to the number went unanswered this morning, but Mooney said Monday that it "is one of my numbers."

The most recent hit occurred on Monday morning, which Twitter dubbed a "new manifestation of the worm attack."

Stone likened the attacks to the Samy worm that hit MySpace in 2005.

"At that time, MySpace filed a lawsuit against the virus creator which resulted in a felony charge and sentencing," Stone wrote. "Twitter takes security very seriously and we will be following up on all fronts."

Stone said that Twitter is currently "reviewing all the details, cleaning up, and [remaining] on alert. Every time we battle an attack, we evaluate our web coding practices to learn how we can do better to prevent them in the future. We will conduct a full review of the weekend activities. Everything from how it happened, how we reacted, and preventative measures will be covered."

Editor's Note: This story was updated at 3:30 p.m. Eastern time with comments from Mooney.