Worm hits popular Chinese Twitter-like service

Sina Weibo reports the worm, which appeared on Tuesday, was quickly stopped

A popular Twitter-like service in China with 140 million users was hit by a worm earlier this week that resembles past attacks that infected Twitter and MySpace, according to a security analyst.

Sina Weibo, a microblog service in China, said the worm first appeared on Tuesday night at 8:20 p.m. Beijing time. Affected posts displayed a malicious link with enticing messages like "Move a woman's heart with 100 lines of poetry" or "Software to listen to other people's phones." When the link was clicked, the user's own account would re-post and send out private messages circulating the malicious link again.

Sina reported in a post to users on Wednesday that the worm had been stopped on the same night at 9:25 p.m. The problem stemmed from a flaw in the web pages that the worm could exploit.

Sina said it reported the matter to public security and that it will take further steps to improve the safety of its social networking service.

Zhao Wei, CEO of Chinese security company Knownsec, said the worm was of a type that has affected many other social networking sites by exploiting cross-site scripting vulnerabilities. "Before, different kinds of worms have appeared on large social networking sites like Twitter, MySpace," he said. Other Chinese social networking sites have also been victims, he said.

In 2009, Twitter was hit with the "StalkDaily" worm created by a 17-year-old. The worm created thousands of spam messages on the site by getting users to click on a malicious link. Lack of attention to security allowed these worm attacks to occur, Zhao said. In the case of Sina's social networking site, only tens of thousands of microblog users were affected, Zhao estimated.

Sina Weibo is one of China's largest Twitter-like services, and has become a hot new destination for the country's Internet users, who number 457 million, according to the China Internet Network Information Center.
