I was away for the weekend attending PragueCrunch (more on that later), so I missed most of the conversation about Mikeyy, the Twitter worm that’s been plaguing the micro-sharing service for the last couple of days. And just as I was reading up on it, it seems like a fourth attack is being carried out as I’m writing this. That means that Twitter has not yet fully fixed the issue that arose during the weekend, and the messages Mikeyy is posting reflect that:
How TO remove new Mikeyy worm! RT!! http://bit.ly/yCL1s
This worm is getting out of hand Twitter. – Mikeyy
Twitter, your community is going to be mad at you… – Mikeyy
Update: at 3:40 am PST, Twitter posted a message saying that they believe the situation is now under control, and that they’ll continue to monitor Mikeyy.
Users are being advised to refrain from using the web version and use third-party apps instead, as well as to be careful when clicking links. Other steps that should be taken are changing your bio, URL and change / reset your hex color.
I would also recommend to take further precautions, like disabling Javascript in your browser, clear your cache and cookies and maybe even change your password, even if Twitter has previously informed users that no passwords, phone numbers or other sensitive information were compromised as part of this renewed attack.
You can keep track of Twitter’s Status blog and @spam account for updates.
I can only imagine how much damage this is doing to the startup’s reputation, and how the community will react to this new round of attacks when word gets out en masse. Granted, having unwanted messages posted to your account is more of an annoyance than a genuine security risk, but this is clearly severely impacting the way people look at and use the service now, particularly those who use Twitter for commercial reasons.