Worm Defaces Tumblr the Blogging Site

Tumblr, the blogging Internet site was inundated with a PC-worm on December 3, 2012 as it spread all over changing the page contents by replacing an infamous crew-crafted offensive message, published theregister.co.uk dated December 4, 2012.

A gang comprising unknown troublemakers and named Gay Nigger Association of America (GNAA) started the attack as it typically accomplished its malicious task through obnoxious posts placed on different blogs.

Tentatively Tumblr stopped fresh journal posts from getting published so the worm could be hindered in propagating. But after some hours the website function was revived.

Operators of the Tumblr site stated in its updated news that the site engineers had managed to fix the problem, which involved a virus attack impairing some 1,000-or-so Tumblr blogs. They also appreciated the patience from the bloggers' end. Theregister.co.uk published this.

Researchers from Sophos the anti-virus vendor state that the hate message from GNAA proliferated through malware, which abused flaws within Tumblr's re-blogging facility. The message post contained a code which linked up with malware hosted on yet one more website. There was also a malicious JavaScript inside an iframe which connected with an external site. This JavaScript utilized base-64 encoding. The technique condensed printable 'American Standard Code for Information Interchange' (ASCII) number-alphabet combinations as a way of representing massive binary data. That aided in making more difficult the knowledge of a script's precise way of behaving once run.

Importantly, it isn't only Sophos that examined the incident. Even Janne Ahlberg, security researcher after an examination said that the assault utilized one XSS (cross-site scripting) flaw. According to her, the flaw continues to affect Tumblr despite its officials claiming full resolution of the problem.

The researcher explained that she set up one Tumblr account inside various browsers, posted a public message having an XSS payload followed with going to the profile via a different account and computer utilizing Safari. Ahlberg found that the flaw was valid, she said. Softpedia.com published this dated December 4, 2012.

However, Ahlberg cautions that incase there's no response from Tumblr towards resolving the problem fast, there can be far more dangerous assaults compared to the present one.

Related article: Worm Spreads With Random Subject Lines

» SPAMfighter News - 12/11/2012