Crikey – it's Mikeyy

As I reported, my Twitter account became infected with the Mikeyy worm earlier today. It's so new that, unusually, Wikipedia does not yet have an entry for it. So, what can I learn from the experience of having a compromised computer for the first time in nearly 30 years of computing?

The first thing is that you do not have to be doing anything stupid to get infected. In my case, I was simply checking out a new follower on Twitter, since I always check these out so I can block those that are obviously spam accounts. But simply viewing the infected profile was enough to infect mine, and that of anyone else who had the misfortune to visit it (sorry - if you want to know how to remove it, see this post). This is clearly a big problem for Twitter, since looking at profiles is pretty central to the way it works.

The second point is that you cannot make your system too secure. Even though I was running Firefox on GNU/Linux, with all the security features enabled, the particular approach of the Mikeyy worm worked thanks to a JavaScript trick that Twitter's coders have not blocked, and that browsers are still defenceless against.

Following from this, the third point is that you should have full control over JavaScript. I've never bothered installing the NoScript Firefox add-in until now, because I've never come across a problem. Obviously, I should have taken a more pro-active approach to defending against these kinds of attacks, rather than waiting until being infected. So, if you do not have NoScript installed yet, I strongly suggest that you consider doing so.

Finally, my experience shows that it may be worthwhile using a dedicated client for services so as to avoid generic browser weaknesses. I've been using the AIR-based Tweetdeck for a while, and found it quite good, memory use aside. The problem, of course, is that neither is open source. That, at least, is something that can be solved. Clever attacks like those of Mikeyy are going to be rather harder to sort out, so all of us – especially me in view of today's events – need to be on our guard.

Update: A further thought. I've always hated URL shorteners, ever since I first came across TinyURL. That's a bit of a problem for Twitter, which depends on them for embedded URLs. It's also a big danger given the attack described above, since such a compressed URL could easily take you to an infected page, and there's no way of knowing beforehand.

That's why I've now installed another Firefox add-on (where would we be without them?), bit.ly preview. The great thing about this is that it not only works with the bit.ly URL shortening service, but with most others too. When you hover over one of them, it shows what link it refers to. It also tells you how many times that shortener has been clicked on in the case of bit.ly. It adds at least a modicum of extra security; so far, I'm impressed.