HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Data Security / Tumblr Worm Spreads Offensive Post
Close the insights gap
Between you and your customers with Microsoft Dynamics CRM.
See real-time CRM work
Tumblr Worm Demonstrates Ongoing IT Security Struggle
Tumblr Worm Demonstrates Ongoing IT Security Struggle
By Jennifer LeClaire / Enterprise Security Today Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
DECEMBER
03
2012


In an ugly event that demonstrates how easy it still is for hackers to compromise networks, Tumblr was infected with a worm that propagated a racist message to member blogs without their knowledge or permission.

Tumblr is asking bloggers that have witnessed the post on the site to "immediately" log out of any browser they used to access the social media platform. Tumbler actually relied on Twitter to communicate with its base.

The GNAA post also said Tumblr members are not beyond redemption and suggested they "drink bleach and die, you emo, self-insisting, self-deprecating, self-indulgent empty husks of human beings." After continued rants against the Tumblr population, the GNAA suggested attempting to delete the post would delete a user's Tumblr account.

Absolute Filth

A group that goes by the name Gay N***er Association of America, or GNAA, took credit for the racist post. Wikipedia describes the GNAA as "an anti-blogging Internet-trolling organization." The racist post called out Tumblr for propagating the "most f***ing worthless, contrived, bourgeoisie, self-congratulating and decadent bulls**t the Internet has ever had the misfortune of facilitating."

The GNAA post also said Tumblr members are not beyond redemption, as long as they "drink bleach and die, you emo, self-insisting, self-deprecating, self-indulgent empty husks of human beings." After continued rants against the Tumblr population, the GNAA suggested attempting to delete the post would delete a user's Tumblr account.

Brad Shimmin, an analyst at Current Analysis, said because the technologies and platforms being used so prevalently today for cloud-based services are both open and familiar -- and because of the level of maturity in the hacker realm -- these breaches tend to pop up regardless of the efforts companies put forth to maintain security.

"Companies don't talk about the efforts that go into subverting threats and avoiding threats and responding to threats for good reason," Shimmin said. "Companies are being attacked all the time. It's literally an ongoing 24/7 effort to secure both the availability of a service and security and privacy of the user data that's housed in that service."

How Hackers Breached Tumblr

So how did the attack happen? Graham Cluley, a senior security consultant at Sophos, said it appeared the worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages.

As Cluley explained it, each affected post had some malicious code embedded inside it. A Base 64 string was encoded in JavaScript, hidden inside an iFrame that was invisible to the naked eye, that dragged content from a URL. Once decoded, he said, the intention of the code becomes more clear.

"If you were not logged into Tumblr when your browser visited the URL, it would simply redirect you to the standard login page. However, if your computer was logged into Tumblr, it would result in the GNAA content being reblogged on your own Tumblr," Cluley said.

"It shouldn't have been possible for someone to post such malicious JavaScript into a Tumblr post -- our assumption is that the attackers managed to skirt around Tumblr's defenses by disguising their code through Base 64 encoding and embedding it in a data URI."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.
MORE IN DATA SECURITY

NETWORK SECURITY SPOTLIGHT
If you're a Google Gmail user, it's bad news. About 5 million Gmail addresses and plain text passwords were leaked to an online forum on Tuesday. The good news: the data is old, but better security is still needed.

ENTERPRISE HARDWARE SPOTLIGHT
The tech giant is expanding its cloud solutions which promise secure access to enterprise phone, email, and storage apps. The latest addition to the Dell Mobile Workspace involves Vonage and MS Office 365.

MOBILE TECHNOLOGY SPOTLIGHT
On pins and needles for your new iPhone? Prepare to wait a little longer: Apple has exhausted its pre-order supply of the iPhone 6 Plus. AT&T, meanwhile, reported a delay of two weeks for the iPhone 6.

Product Information and Resources for Technology You Can Use To Boost Your Business

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.