Tumblr Worm Exploited Site’s Re-blogging Feature

(Before It's News)

redOrbit Staff & Wire Reports – Your Universe Online

A group of hackers going by the name “GNAA” claimed responsibility for a fast-spreading software worm that infected thousands of accounts on the popular micro-blogging site Tumblr on Monday morning.

Users of infected accounts saw their pages defaced with a profane, expletive-laden message.

Tumblr was able to fix the security exploit within hours, and released a statement Monday afternoon saying the site had been restored to normal.

“This morning, some of you may have noticed a spam post appearing repeatedly on your Dashboard and on the blogs of a few thousand affected accounts. We quickly identified the source, removed the posts, and restored service to normal,” the statement read.

“No accounts have been compromised, and you don’t need to take any further action. Our sincere apologies for the inconvenience. As always, we are going to great lengths to make sure this type of abuse does not happen again.”

Security software firm Sophos said the worm had harnessed Tumblr’s re-blogging feature, so that anyone who was logged into the site would automatically re-blog the infected post if they visited one of the offending pages.

“Each affected post had some malicious code embedded inside them,” Sophos said on its Naked Security blog.

In a now-deleted tweet, GNAA said its exploit had impacted 8,600 Tumblr accounts at its peak. The Internet trolling group released a statement saying the attack was part of its ongoing war against bronies — male fans of My Little Pony.

A GNAA spokesman said the hack was also aimed at shining a light on Tumblr’s slack security.

“We contacted Tumblr about this weeks ago and nothing came of it,” the spokesman told Gawker.

“This was a serious issue that needed to be fixed.”

Sophos said it shouldn’t have been possible for someone to post such malicious JavaScript into a Tumblr post.

“Our assumption is that the attackers managed to skirt around Tumblr’s defenses by disguising their code through Base 64 encoding and embedding it in a data URI.”

redOrbit.com
offers Science, Space, Technology, Health news, videos, images and
reference information. For the latest science news, space news,
technology news, health news visit redOrbit.com frequently. Learn
something new every day.\”

• Africa’s Disappearing Savannahs Threaten Lion Populations
• Scientists Warn Of Major Earthquakes In Himalayas And Pacific Northwest
• Maine Lobsters Are Cannibals: They Eat Their Youngsters
• Russian Far East A Hotbed Of Seismic, Volcanic Activity: Potential Threat To Pacific Basin
• Solar Impulse 2015: Around The World In A Solar-Powered Airplane
• New Jamaican Butterfly Species Discovered In The Cockpit Country Wilderness
• Satellites See Record Low Worldwide Snow Cover
• Using Thermography, Researchers Find Evidence Of The Pinocchio Effect
• Big Story Weather – December 4, 2012
• NASA roadmap: Current and planned solar system missions