JavaScript worm exploits Tumblr flaw

A nasty piece of JavaScript code defaced thousands of Tumblr accounts on the free blog hosting platform yesterday. The hack exploited a weakness in Tumblr's reblogging function, causing logged-in users who visited an affected page to automatically reblog it. The attack was apparently used to spread a racist diatribe and did not cause any harm to computer systems.

Security vendor Sophos managed to examine a copy of the offending code snippet and concluded that the exploit made use of JavaScript that had been scrambled to evade detection by Tumblr. Engineers from Tumblr stopped the viral attack in its tracks by temporarily disabling the ability to post. The site was cleaned up and the vulnerability was patched within a few hours.
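The attack described above worked because user-supplied post markup carried script that ran in the browser of any logged-in visitor, and the script was obfuscated so that the platform's filtering did not catch it. The following is an added example, not Tumblr's code and not taken from the Sophos analysis, of the kind of server-side screening a blog platform can apply to submitted post HTML before storing or rendering it: it flags script tags, inline event-handler attributes, javascript: URLs and one common obfuscation pattern (eval/unescape applied to a long run of escaped characters), and it strips the dangerous constructs. The post samples and the function names are constructed for illustration.

```javascript
// Added example: screening user-submitted post HTML before it is stored.
// Hypothetical code, not Tumblr's; sample posts below are constructed.

// Detection patterns (no /g flag, so .test() carries no lastIndex state between calls)
const SCRIPT_TAG = /<\s*script\b/i;
const EVENT_HANDLER = /<[^>]*\son[a-z]+\s*=/i;
const JS_URL = /\b(?:href|src|action)\s*=\s*["']?\s*javascript:/i;
// Obfuscation hint: a decoder call whose string argument is a long run of
// percent-, \x- or \u-escaped characters (six or more in a row).
const OBFUSCATION =
  /\b(?:eval|unescape|Function|atob)\s*\(\s*["'](?:%[0-9a-f]{2}|\\x[0-9a-f]{2}|\\u[0-9a-f]{4}){6,}/i;

// Returns a list of finding labels for a post body; an empty list means nothing flagged.
function scanPostHtml(html) {
  const findings = [];
  if (SCRIPT_TAG.test(html)) findings.push('script-tag');
  if (EVENT_HANDLER.test(html)) findings.push('event-handler');
  if (JS_URL.test(html)) findings.push('javascript-url');
  if (OBFUSCATION.test(html)) findings.push('obfuscated-js');
  return findings;
}

// Removes script blocks, stray script open tags, on* attributes and javascript: URLs.
// Attribute cleanup is done per tag so several handlers in one tag are all removed.
function sanitizePostHtml(html) {
  return html
    .replace(/<\s*script\b[^>]*>[\s\S]*?<\s*\/\s*script\s*>/gi, '')
    .replace(/<\s*script\b[^>]*>/gi, '')
    .replace(/<[^>]+>/g, (tag) =>
      tag
        .replace(/\s+on[a-z]+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/gi, '')
        .replace(/\s+(?:href|src|action)\s*=\s*["']?\s*javascript:[^"'\s>]*["']?/gi, ''),
    );
}

// Constructed sample posts: one clean, three carrying active content.
const SAMPLE_POSTS = {
  clean: '<p>Hello <b>world</b></p>',
  scriptTag: '<p>hi</p><script>console.log("x")</script>',
  handler: `<img src="x" onerror="eval(unescape('%61%6c%65%72%74%28%31%29'))">`,
  jsUrl: '<a href="javascript:void(0)">click</a>',
};

// Stand-alone run: print findings and the cleaned markup for each sample.
for (const [name, body] of Object.entries(SAMPLE_POSTS)) {
  console.log(name, scanPostHtml(body), '=>', sanitizePostHtml(body));
}
```

A regex pass like this is a screening heuristic, useful for alerting on obfuscated submissions, not a complete defence: production platforms should render user content through an allowlist-based HTML sanitizer built on a real parser, and pair it with a Content Security Policy so that inline script in a post cannot execute even if a filter is bypassed.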

In an update, Tumblr issued a statement noting that "a few" thousand accounts were affected by the spam post. Tumblr apologized for the inconvenience and said that no accounts had been compromised. "We quickly identified the source, removed the posts, and restored service to normal," the company said.

As reported on Dark Reading, David Marcus, director of advanced research and threat intelligence for McAfee, noted that the Tumblr attack showed the dangers of staying logged into an online service. He recommended that users log out of Tumblr and restart their web browsers to eradicate any residual code on their systems.

For more:
- check out this article at Dark Reading
