Sina Weibo, China’s micro-blogging website, was hit by a worm on Tuesday night Beijing time that showed some users posts containing a malicious link, with messages including “software to listen to other people’s phones” and “Move a woman’s heart with 100 lines of poetry”. After a member clicked the link, the member’s account would re-post the message and send private messages that circulated the bad link again.
Sina Weibo said it eliminated the worm on Wednesday night at 9:25 pm, about 25 hours after it first appeared. The worm was able to infect users’ accounts because of a problem with web pages, and Sina said it has reported the issue to public security and will work on improving the website’s security.
“Before, different kinds of worms have appeared on large social networking websites like Twitter, MySpace,” said the CEO of Chinese security company Knownsec, Zhao Wei. The worm that affected Sina Weibo has infected many other social networking websites by taking advantage of cross-site scripting vulnerabilities, he said. Zhao cited an incident in 2009 in which Twitter users were hit by “StalkDaily”, a worm developed by a 17-year-old that convinced people to click on a malicious link, causing thousands of spam messages to be sent.
Zhao explained that these worm problems were able to occur because the social networking websites did not pay sufficient attention to security, and estimated that tens of thousands of Sina Weibo’s 140 million users were affected by this worm.