RSS

Weibo, China’s Twitter-like service, hit by worm

01 Jul

Its popularity dwarfs that of Twitter, but most people have probably never heard of the Sina Weibo micro-blogging site.

Weibo is huge in China, with over 140 million users merrily micro-blogging away, and following the latest updates from their favourite celebrities.

But all this popularity, of course, simply means that there’s an opportunity for more users to be hit by malware should one break out on the system.

Sina Weibo says that a worm broke out on their site at 8.20pm on Tuesday night, Beijing time, exploiting a cross-site scripting (XSS) vulnerability in the site to spread quickly.

Fan BingbingAccording to online reports, the worm originated from a Weibo account called “@hellosamy” and worm forwarded itself to other users with a range of enticing subjects to catch out the unwary.

These ranged from claiming to be links to bloopers from a newly-released propaganda movie, nude pictures of popular actress Fan Bingbing, and phrases such as “Move a woman’s heart with 100 lines of poetry” and “Software to listen to other people’s phones.”

Clicking on any of the links meant that your own Weibo account would automatically repost the link, and send messages to your online friends. Some users reported having received thousands of affected messages.

Fortunately, Sina Weibo reports that they patched the vulnerability on the site in just over an hour – a good response, but still not quick enough to stop thousands of people from being put at risk. Sophos products detect the worm as JS/Weibosamy-A.

The fact that the worm originated from an account called “@hellosamy” certainly caused me to raise an eyebrow. It seems to me that this is an homage to the Samy worm (also known as JS/Spacehero-A) which spread rapidly across the MySpace network in 2005, infecting many users’ accounts via a cross-site scripting vulnerability.

This isn’t the first time, of course, that an Asian social network has been hit hard by malware. For instance, in 2009 Naked Security reported on a cross-site scripting worm which spread across RenRen posing as a video of Pink Floyd’s classic song “Wish you were here”.

As more and more people put their trust in social networks, the sites themselves have to adopt a mature attitude to security and ensure that users are not being unnecessarily exposed to attacks.

by Graham Cluley on June 30, 2011

Advertisements
 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: