JavaScript Virus Hits Tumblr

  @ibtimesau on

Popular blogging site Tumblr was hit on Monday by a malware attack which resulted in the posting of self-propagating and offensive measures on streams of users.

Although fixed quickly, the attack is an indicator of the vulnerability of social networking sites such as Tumblr, which has 77 million blogs, to Internet trolling due to the inverse relationship between openness and functionality, tech experts explained.

The Sophos Naked Security blog said what happened was that the worm used for the attack took advantage of Tumblr's reblogging feature which allows anyone logged into the portal to automatically reblog a particular post. The code used had an encoded JavaScript hidden inside an iFrame that generated a pop-up message warning that Tumblr was performing maintenance and suggested the user follow another link.

Those logged into their Tumblr accounts, if they click the given link, would be infected with offensive content.

The attack affected at least 8,000 sites including the Tumblr blogs of major media organisations such as Reuters, USA Today and Entertainment Weekly.

Besides Tumblr, another popular blogging site is LiveJournal, a social network owned by SUP Media that allow users to keep a blog, journal, or diary. It features include:

  • Each journal entry has its own webpage which includes comments.
  • The journal page for each user shows recent journal entries with links to comments.
  • Customisation using S2 programming language, avatars and "userpics" that appear next to the username, similar to forums.
  • User info page contains contact information, biography, images, friends list, interests, communities and schools.

Meanwhile, Wibiya is an online toolbar that allows the user to add web applications to their Web sites without any cost. Wibiya aims to assist the publishers to communicate interactively with their audience. Its features include:

  • No coding necessary.
  • Toolbar installed via browser
  • Linked to several Web sites such as Facebook, Twitter and YouTube.

Blog sites like Tumblr and LiveJournal are vulnerable to malicious wares or malware like any other Web sites in the Internet. Every year, new list of malwares are registered and security applications like AVG and Microsoft Security Essentials update every day for antivirus signatures.

Bloggers should be wary of viruses such as these listed below because these are dangerous once it enters a computer system.

Fakelnst SMS Trojan

It disguises itself as popular apps like Instagram, Opera Browsers and Skype and then sends SMS messages to premium rate numbers. It is very infectious and consists of 60 per cent of Android malwares of its kind.

 Ransomware Trojans

It encrypts data files on the infected system and demands money from the victims for decryption key.

Win32: DNSChange Trojan

It is a part of a Rootkit and tries to protect other malware components by blocking access to update sites for security updates and signatures. For example, any access to the Web site hosts will be resolved to "localhost" which effectively will make it unreachable.

Join the Discussion