A new Twitter cross-site scripting worm is going around on Twitter. Just like the previous Twitter worms it talks about Mikeey.
Other messages used by the worm include:
Twitter, this sucks! Fix your coding. Twitter Security Team Really? You need to be fired. Horrible Coding! @oprah - sup? welcome to twitter - mikeyy @aplusk - hey, homo. - mikeyy @souljaboyellem - your music sucks dude. - mikeyy @TheEllenShow - hey baby, love me long time? - mikeyy @StephenColbert - you funny. - mikeyy @cnnbrk - he's back. ;) - mikeyy @nytimes - yep, it's true. - mikeyy Twitter, do you know about the before_save model callback? - mikeyy This exploit only affects Internet Explorer users. Thanks. - mikeyy Twitter, BeforeSave: ForEach: DataArray: EscapeHtmlCars!!! - mikeyy Get Firefox, thanks. www.Firefox.com Twitter, you should be paying me now. - mikeyy
Once a user views an already infected profile they get infected as well. The name, location, website and bio all gets changed to Mikeyy and they start posting messages randomly picked from the list above.
The malicious script itself is downloaded from 74.200.253.195. Twitter is working on fixing the problem.
This happens on the same day as media reports that Michael Mooney got a job because of his writing the first Twitter worms. So if he did this one too, what was the motivation? To get an even better offer from someone else!? Stupid.
For now, stay away from looking at user's profiles. Also Firefox and NoScript is a good combo.
Updated to add: Michael Mooney (Mikeey) confesses to writing this latest worm as well.