Data Security

Tumblr Worm Demonstrates Ongoing IT Security Struggle

Tumblr Worm Demonstrates Ongoing IT Security Struggle
December 3, 2012 2:21PM

Bookmark and Share
Security researcher Graham Cluley said it appeared the worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending Tumblr pages. Each affected post had malicious code embedded inside it.

Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.

In an ugly event that demonstrates how easy it still is for hackers to compromise networks, Tumblr was infected with a worm that propagated a racist message to member blogs without their knowledge or permission.

Tumblr is asking bloggers that have witnessed the post on the site to "immediately" log out of any browser they used to access the social media platform. Tumbler actually relied on Twitter to communicate with its base.

The GNAA post also said Tumblr members are not beyond redemption and suggested they "drink bleach and die, you emo, self-insisting, self-deprecating, self-indulgent empty husks of human beings." After continued rants against the Tumblr population, the GNAA suggested attempting to delete the post would delete a user's Tumblr account.

Absolute Filth

A group that goes by the name Gay N***er Association of America, or GNAA, took credit for the racist post. Wikipedia describes the GNAA as "an anti-blogging Internet-trolling organization." The racist post called out Tumblr for propagating the "most f***ing worthless, contrived, bourgeoisie, self-congratulating and decadent bulls**t the Internet has ever had the misfortune of facilitating."

The GNAA post also said Tumblr members are not beyond redemption, as long as they "drink bleach and die, you emo, self-insisting, self-deprecating, self-indulgent empty husks of human beings." After continued rants against the Tumblr population, the GNAA suggested attempting to delete the post would delete a user's Tumblr account.

Brad Shimmin, an analyst at Current Analysis, said because the technologies and platforms being used so prevalently today for cloud-based services are both open and familiar -- and because of the level of maturity in the hacker realm -- these breaches tend to pop up regardless of the efforts companies put forth to maintain security.

"Companies don't talk about the efforts that go into subverting threats and avoiding threats and responding to threats for good reason," Shimmin said. "Companies are being attacked all the time. It's literally an ongoing 24/7 effort to secure both the availability of a service and security and privacy of the user data that's housed in that service."

How Hackers Breached Tumblr

So how did the attack happen? Graham Cluley, a senior security consultant at Sophos, said it appeared the worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages.

As Cluley explained it, each affected post had some malicious code embedded inside it. A Base 64 string was encoded in JavaScript, hidden inside an iFrame that was invisible to the naked eye, that dragged content from a URL. Once decoded, he said, the intention of the code becomes more clear.

"If you were not logged into Tumblr when your browser visited the URL, it would simply redirect you to the standard login page. However, if your computer was logged into Tumblr, it would result in the GNAA content being reblogged on your own Tumblr," Cluley said.

"It shouldn't have been possible for someone to post such malicious JavaScript into a Tumblr post -- our assumption is that the attackers managed to skirt around Tumblr's defenses by disguising their code through Base 64 encoding and embedding it in a data URI."

Tell Us What You Think
Comment:

Name:



 Data Security
1. Juniper DDoS for High-IQ Networks
2. Google Hacker Team to Hunt Bugs
3. Cloud Firms Offer Azure Starter Kit
4. FBI Cyber-Expert's Humble Start
5. Chinese Hackers Hit U.S. Officials




 Most Popular Articles
1. Experts Say Four Threats Put Internet Freedom at Risk
2. Gartner Rates Security Solutions in Annual Magic Quadrant Report
3. Google I/O Conference Brings a Lot for Businesses
4. IBM Earmarks $3B for Next-Gen Cloud Computing Chips
5. Focus on Security in New Dell Products, Upgrades

Have an informed opinion on this story?
Send a Letter to the Editor.
We want to know what you think.
Send us your Feedback.

 Related Topics  Latest News & Special Reports

  Juniper DDoS for High-IQ Networks
  Seagate Unveils Networked Drives
  Google Hacker Team to Hunt Bugs
  Cloud Firms Offer Azure Starter Kit
  FBI Cyber-Expert's Humble Start

 Technology Marketplace
Big Data
Unlock your enterprise data's potential. Learn how in the research report.
Are you getting everything you can out of your business data?
 
Business Intelligence
Get real-time, cloud-based information services with Neustar.
 
CIO Issues
Secure and retain skilled technology professionals. Learn how.
 
Cloud Computing
Are you getting everything you can out of your business data?
 
Data Storage
Unlock your enterprise data's potential. Learn how in the research report.
 
Enterprise Hardware
Protect your network with APC Smart-UPS battery backup
Cisco UCS Invicta Series flash memory systems
 
Enterprise I.T.
Register for an upcoming ISACA® certification exam today
Secure and retain skilled technology professionals. Learn how.
 
Enterprise Software
Unlock your enterprise data's potential. Learn how in the research report.
 
Hardware
Protect your network with APC Smart-UPS battery backup
Ferocious productivity. A fearless team of pros. Find Out More
Cisco UCS Invicta Series flash memory systems
 
Network Security
Protect your network with APC Smart-UPS battery backup
 
Small Business
Ferocious productivity. A fearless team of pros. Find Out More