Worm Defaces Tumblr the Blogging Site
Tumblr, the blogging Internet site was inundated with a PC-worm on December 3, 2012 as it spread all over changing the page contents by replacing an infamous crew-crafted offensive message, published theregister.co.uk dated December 4, 2012.
A gang comprising unknown troublemakers and named Gay Nigger Association of America (GNAA) started the attack as it typically accomplished its malicious task through obnoxious posts placed on different blogs.
Tentatively Tumblr stopped fresh journal posts from getting published so the worm could be hindered in propagating. But after some hours the website function was revived.
Operators of the Tumblr site stated in its updated news that the site engineers had managed to fix the problem, which involved a virus attack impairing some 1,000-or-so Tumblr blogs. They also appreciated the patience from the bloggers' end. Theregister.co.uk published this.
Importantly, it isn't only Sophos that examined the incident. Even Janne Ahlberg, security researcher after an examination said that the assault utilized one XSS (cross-site scripting) flaw. According to her, the flaw continues to affect Tumblr despite its officials claiming full resolution of the problem.
The researcher explained that she set up one Tumblr account inside various browsers, posted a public message having an XSS payload followed with going to the profile via a different account and computer utilizing Safari. Ahlberg found that the flaw was valid, she said. Softpedia.com published this dated December 4, 2012.
However, Ahlberg cautions that incase there's no response from Tumblr towards resolving the problem fast, there can be far more dangerous assaults compared to the present one.
Related article: Worm Spreads With Random Subject Lines
» SPAMfighter News - 11-12-2012