I’m guessing that you’ve probably heard about the worm attacks on Twitter over the Easter weekend. Even I did, and I was doing my best to take some time out from work, with rather more success than usual.
According to one Michael – sorry, Mikeyy – Mooney, a bored 17-year-old, he was responsible for the StalkDaily and Mikeyy worms that inflicted themselves on Twitter users, using a cross-site scripting attack. In fact, one researcher posted (on twitter, as it happens) that Mikeyy was so easy to trace, that he was wondering whether he might be being framed, but apparently it has more to do with his being, if anything, to ready to talk to anyone who’d listen to him.
Well, I’m sure you’ll be glad to know that he didn’t expect his brainchildren – hmm, not sure that word "brain" belongs here – to spread as fast and far as it did.
Hey, Mikeyy, Robert Morris was rather surprised that his worm caused so much fuss, but he still had to do a lot of community service… But then, he didn’t think to blanket the twitterverse with inspirational messages such as "Twitter please fix this, regards Mikeyy" and "Dude! Mikeyy is the shit :)" Well, yes, Mikeyy, I think you probably are. But perhaps you’ll grow out of it.
If you use twitter, you’ll probably be even happier to know that Mikeyy is done with the service, feeling that he’s been getting too much attention already. I can’t think why such a shrinking violet would be getting too much attention. Especially from Twitter, who have apparently indicated a willingness to direct their lawyers his way. I guess they won’t be taking him up on his offer to work for them, then.
However, my favourite part of this story is that Mikeyy hopes one day to get a job as a security analyst. After all, he points out, his worms "aren’t designed to do much damage."
I think he’ll probably find that mainstream anti-malware companies are likely to say "On your bikeyy, Mikeyy!" After all, they said pretty much the same thing to Mike Ellison, once known as Stormbringer, presented his arguments at a Virus Bulletin conference in the 1990s as to why the anti-malware industry should employ him. Ellison, however, did at least try to do the responsible thing, quitting the Phalcon/Skism group after discovering that one of his creations had caused damage when it somehow "escaped" onto an innocent end-user’s machine.
It appears Mr. Mooney has not yet had quite the same flash of realization. Let’s hope his enlightenment arrives before he does any real damage. Let’s hope also that his parents remember that terry diapers are better for the environment than disposables.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
Author David Harley, We Live Security