A worm is infesting Tumblr, the microblogging service. Here’s what’s happening and what to do to ward off contagion.
News has emerged that the platform Tumblr is currently experiencing a worm attack.
The problem has actually been promptly identified and the technical staff is monitoring the situation, however, it is useful to explain how the infection manifests itself in order to avoid it in the future, should the problem recur.
The worm introduced to Tumblr initially had an easy run, as it appears to have been programmed to exploit one of the platform’s own features.
The attack, it is understood, would have easily propagated simply by infiltrating the reblog mechanism, a fundamental operation offered by Tumblr for sharing phrases, thoughts, and photos posted by others.
It seems, in fact, that the worm was hidden in a JavaScript contained within an iFrame not immediately identifiable as such, as it was not physically visible to the user: a classic case of hidden code on the page.
At this point, a pop-up window would open automatically, inviting users to log in via a login screen.
Naturally, this window had nothing to do with Tumblr: it was precisely the vehicle of infection, although its ultimate purpose is not yet entirely clear.
For this reason, Tumblr’s security technicians have advised that it would be appropriate to change your password for your Tumblr account, as a precautionary measure.
In total, it is estimated that around 86,000 users may have been infected, but, as specified, the danger has currently been neutralized and is under control.
Be the first to comment