Tumblr Worm Defaces Pages with Repeated GNAA Racists Messages

Yesterday Tumblr was attacked by a worm that took advantage of the Tumblr's reblogging feature causing anyone logged in to reblog the infectious post if they visited an offending page prior.

Tumblr, the popular yet easy-to-use blogging platform for posting a short form of text, images, videos and links on a Tumblog has been the brunt of a serious attack injecting malicious encoded JavaScript hidden inside an iFrame throughout posts. The Tumblr worm attack would essentially reblog a fabricated GNAA (Gay N**** Association of America) content message on one's own Tumblr if their computer remained logged into the account.

The GNAA message is part of an association of Internet trolls that have a twisted agenda of causing an uproar due to the racist, condescending and explicit nature of their exploited messages. During the Tumblr worm attack, many bloggers took to other social media outlets to express their concerns of the vulgar message and being hit by such an attack. In a way, some users had to explain to their readers that they were the victim of a new hack and to avoid any associated links resulting from the GNAA messages.

What is probably just as discerning as the content of the ill-mannered GNAA message is how fast the Tumblr worm has spread throughout the service. Security experts have quickly examined the malicious code within the Tumblr hack and identified each affected post having a form of malicious code embedded inside them. The embedded code actually seemed to rely on being decoded by means of content from a url. Some users affected by the Tumblr worm witnessed a pop-up message claiming to be from Tumblr asserting that Tumblr would be undergoing maintenance, and they can either 'Stay on Page' or 'Leave Page', thus loading a malicious url once a selection is made on the pop-up. For the users not logged into Tumblr when the web browser visited the malicious url, the user would be redirected to a standard login page. For those logged in, the Tumblr worm took full advantage of the user's Tumblog by reposting the nasty GNAA message.

Security experts believe that the Tumblr worm should not have been able to cause such a mass hysteria by posting JavaScript into a Tumblr post. It is possible that the attackers were able to bypass Tumblr's security by means of disguising code. Such an attack is reminiscent of a time when cross-site-scripting (XSS) vulnerability was used on other social networks in the past, such as when Twitter was hit with an auto-generated WTF message or a time when Twitter succumbed to a 'Mouseover' hack through XSS exploitations.

While Tumblr was still working to resolve the worm attack, users would simply get a 'service is temporary unavailable message'. Now that the issue has been resolved, Tumblr has tweeted how the 'viral post attack' affected a few thousand Tumblr blogs.

The Tumblr worm is just another case that makes it evident how hackers are continuously working on the next scheme to attack a large social network. The least users of social networks can do is to use extreme caution when clicking on links and to always run antivirus or antispyware software to catch potentially infectious urls.