
First Microblog Attack in China

Created: 30 Jun 2011 15:55:16 GMT • Updated: 23 Jan 2014 18:20:13 GMT • Translations available: 日本語

The Sina microblog is the biggest microblogging platform in China and is very similar to Twitter. It has more than 140 million users, which is almost 10% of the population of China. On June 28 this year, it was attacked by a cross-site scripting (XSS) worm, and more than 30,000 users were affected. The worm aggressively sends messages containing enticing hot topics and a shortened link to everyone on the member's follower list. This is not the first time that threats have used shortened links; on this occasion, the attackers used them as a very simple but powerful tool to hide the actual malicious URL.

The following is a screenshot of some of the spam messages sent out by the threat:

Once the link is clicked, the user's computer is infected, and the threat starts sending private messages containing the same shortened link to their followers and posting these messages on their microblogs. Compromised computers also automatically add a new follower called "@hellosamy", who is suspected of being the attacker, to their follower list.
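The behaviour described above leaves a recognisable trace in platform activity logs: accounts re-send the same shortened link shortly after receiving it, and every sender follows the same account at about that time. The following Python is an added example, not code from Symantec or Sina; the event format, thresholds, link values and account names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample events, not real platform data:
# (unix_time, actor, action, target, url)
WORM = "http://short.example/a1b2"   # placeholder shortened link
NEWS = "http://short.example/news"   # benign link shared normally
EVENTS = [
    (0, "alice", "post", None, WORM), (0, "alice", "dm", "bob", WORM),
    (0, "alice", "dm", "carol", WORM), (1, "alice", "follow", "hub_account", None),
    (40, "bob", "post", None, WORM), (41, "bob", "dm", "dave", WORM),
    (41, "bob", "follow", "hub_account", None),
    (95, "carol", "post", None, WORM), (96, "carol", "follow", "hub_account", None),
    (130, "dave", "dm", "erin", WORM), (131, "dave", "follow", "hub_account", None),
    (200, "frank", "dm", "grace", NEWS), (90000, "grace", "post", None, NEWS),
]

def find_worm_links(events, window=600, min_relays=2):
    """Flag links that recipients re-send within `window` seconds of receiving them."""
    received = defaultdict(dict)  # url -> {account: first time it received the link}
    sent = defaultdict(dict)      # url -> {account: first time it sent the link}
    follows = defaultdict(list)   # account -> [(time, account it followed)]
    for ts, actor, action, target, url in sorted(events, key=lambda e: e[0]):
        if action == "follow":
            follows[actor].append((ts, target))
            continue
        sent[url].setdefault(actor, ts)
        if action == "dm":
            received[url].setdefault(target, ts)
    findings = {}
    for url, senders in sent.items():
        relays = {a for a, t in senders.items()
                  if a in received[url] and 0 <= t - received[url][a] <= window}
        if len(relays) < min_relays:
            continue
        # Accounts that every sender followed close to when it sent the link.
        common = None
        for a, t in senders.items():
            near = {f for ft, f in follows[a] if abs(ft - t) <= window}
            common = near if common is None else common & near
        findings[url] = {"relays": sorted(relays), "common_follow": sorted(common)}
    return findings

if __name__ == "__main__":
    for url, info in find_worm_links(EVENTS).items():
        print(url, info)
```

A non-empty `common_follow` alongside several relays is the stronger signal, since ordinary viral links are re-shared without every sharer following the same account.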

Not long after the worm first appeared, Sina posted a message stating that the vulnerability had been fixed. Sina has since removed the malicious links and locked the attacker's account. It has also reported the attack to the Chinese authorities.

This worm only sends messages to followers of the infected user and does not steal passwords or other sensitive information. Symantec detects this threat as JS.Weisamy.
