Newsletters
The Enterprise Security Supersite NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Network Security Viruses & Malware Cybercrime Security Solutions More Topics...
GET RECOGNIZED.
Let an ISACA® certification
elevate your career.

Register today and save
Cybercrime
DDoS Protection Powered By Verisign
Average Rating:
Rate this article:  
Tumblr Worm Demonstrates Ongoing IT Security Struggle

Tumblr Worm Demonstrates Ongoing IT Security Struggle
By Jennifer LeClaire

Share
Share on Facebook Share on Twitter Share on Linkedin Share on Google Plus

Security researcher Graham Cluley said it appeared the worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending Tumblr pages. Each affected post had malicious code embedded inside it.
 


In an ugly event that demonstrates how easy it still is for hackers to compromise networks, Tumblr was infected with a worm that propagated a racist message to member blogs without their knowledge or permission.

Tumblr is asking bloggers that have witnessed the post on the site to "immediately" log out of any browser they used to access the social media platform. Tumbler actually relied on Twitter to communicate with its base.

The GNAA post also said Tumblr members are not beyond redemption and suggested they "drink bleach and die, you emo, self-insisting, self-deprecating, self-indulgent empty husks of human beings." After continued rants against the Tumblr population, the GNAA suggested attempting to delete the post would delete a user's Tumblr account.

Absolute Filth

A group that goes by the name Gay N***er Association of America, or GNAA, took credit for the racist post. Wikipedia describes the GNAA as "an anti-blogging Internet-trolling organization." The racist post called out Tumblr for propagating the "most f***ing worthless, contrived, bourgeoisie, self-congratulating and decadent bulls**t the Internet has ever had the misfortune of facilitating."

The GNAA post also said Tumblr members are not beyond redemption, as long as they "drink bleach and die, you emo, self-insisting, self-deprecating, self-indulgent empty husks of human beings." After continued rants against the Tumblr population, the GNAA suggested attempting to delete the post would delete a user's Tumblr account.

Brad Shimmin, an analyst at Current Analysis, said because the technologies and platforms being used so prevalently today for cloud-based services are both open and familiar -- and because of the level of maturity in the hacker realm -- these breaches tend to pop up regardless of the efforts companies put forth to maintain security.

"Companies don't talk about the efforts that go into subverting threats and avoiding threats and responding to threats for good reason," Shimmin said. "Companies are being attacked all the time. It's literally an ongoing 24/7 effort to secure both the availability of a service and security and privacy of the user data that's housed in that service."

How Hackers Breached Tumblr

So how did the attack happen? Graham Cluley, a senior security consultant at Sophos, said it appeared the worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages.

As Cluley explained it, each affected post had some malicious code embedded inside it. A Base 64 string was encoded in JavaScript, hidden inside an iFrame that was invisible to the naked eye, that dragged content from a URL. Once decoded, he said, the intention of the code becomes more clear.

"If you were not logged into Tumblr when your browser visited the URL, it would simply redirect you to the standard login page. However, if your computer was logged into Tumblr, it would result in the GNAA content being reblogged on your own Tumblr," Cluley said.

"It shouldn't have been possible for someone to post such malicious JavaScript into a Tumblr post -- our assumption is that the attackers managed to skirt around Tumblr's defenses by disguising their code through Base 64 encoding and embedding it in a data URI."
 

Tell Us What You Think
Comment:

Name:



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Cybercrime
1.   Chinese Hackers Steal Patient Data
2.   FBI Cybersquad To Add Agents
3.   Russian Hacker To Be Held Until Trial
4.   Supervalu Suffers a Data Breach
5.   Snowden Talks MonsterMind Program


advertisement
Android 'Fake ID' Puts Millions at Risk
Users: stick to apps from Google Play.
Average Rating:
Russian Hacker To Be Held Until Trial
Prosecutors fear he would flee country.
Average Rating:
FBI Cybersquad To Add Agents
Rewarded for recent security successes.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Chinese Hackers Nab Info on Millions of U.S. Patients
A group of Chinese hackers has stolen the personal information, including names and Social Security numbers, of about 4.5 million patients at hospitals operated by Community Health Systems.
 
Premier FBI Cybersquad in U.S. To Add Agents
After helping prosecutors charge Chinese army officials with stealing trade secrets from major companies and by snaring a Russian-led hacking ring, the premier FBI cyber-squad is getting a boost.
 
Apple Opens iCloud Data Center in China
Treading lightly, Apple acknowledged it has started to store encrypted iCloud personal data of some Chinese users on servers in mainland China, operated by the state-owned China Telecom.
 

Enterprise Hardware Spotlight
Compression, Deduplication Come to Violin Concerto 2200
Violin Memory has announced that data deduplication and compression capabilities are now available on its Concerto 2200 solution. Typically, users will experience deduplication rates between 6:1 and 10:1.
 
Cisco Axes 6,000 Employees in Restructuring Plan
Faced with declining profits, Cisco is laying off up to 6,000 employees in the months ahead -- a whopping 8 percent of its global workforce. That's in addition to the 4,000 jobs Cisco cut last year.
 
Web Slows, Have Internet Routers Reached The Limit?
If you encountered problems connecting to the Internet on August 12, you weren't alone. Networking experts blame the wide-scale slowdown on outdated routing systems that are reaching their limits.
 

Mobile Technology Spotlight
HTC Debuts Windows Phone Version of One M8 Smartphone
HTC is bringing the Windows Phone mobile OS to its flagship One M8 device -- the first time any mainstream flagship smartphone has been offered with a choice of operating systems.
 
Verizon Earns Top Rating in Mobile Network Comparison
A new report says Verizon Wireless was the top-performing U.S. cellphone service provider in the first half of 2014, on a nationwide and state-by-state basis, as well as in metro areas.
 
Sprint Comes Out with Data Guns Blazing
As its new CEO promised, Sprint has rolled out a new aggressively competitive price plan. The shared data plans promise twice the high-speed data and at lower prices than AT&T and Verizon Wireless.
 

Navigation
Enterprise Security Today
Home/Top News | Network Security | Viruses & Malware | Cybercrime | Security Solutions | Mobile Security | Disaster Recovery | Windows Security
Data Security | EST Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.