Tumblr falls victim to Internet trolls

A worm with a profane message from hacker group GNAA attacked thousands of Tumblr blogs on Monday.

In yet another incident illustrating that no one is safe from hackers, trolls and script kiddies, Tumblr fell victim to a security exploit Monday morning. The attack sucked in thousands of users -- including tech news sites Cnet, the Daily Dot and The Verge -- but its bark was louder than its bite.

Known collectively as GNAA, the mischief-making culprits found an exploit in the JavaScript code that lets Tumblr's users reblog other users' posts. The group used the exploit to force its own tirade to automatically repost on the Tumblr blog of anyone who clicked it. Antivirus software maker Sophos posted a technical analysis of the worm on its Naked Security blog.

At the exploit's "peak," GNAA claimed it had racked up thousands of victims. Its last public proclamation -- a tweet that is now deleted -- had a victim count of 8,600. (CNNMoney's own Tech Tumblr remained unaffected by the worm.)

The actual effects were pretty minimal, though. The offending posts can be eliminated by simply popping into Tumblr's mass post editor and deleting all of the posts that made it into your queue. (The GNAA message claims that deleting it will wipe out your Tumblr account, but that's a lie. It won't.)

Why'd they do it? Partially for the hell of it, as a volley in the group's ongoing war against bronies (male fans of My Little Pony) -- a fight that features no shortage of slurs and insults.

But GNAA's spokesman says the attack was also aimed at drawing attention to Tumblr's slipshod security.

"We contacted Tumblr about this weeks ago and nothing came of it," the group's representative told Gawker in an interview. "This was a serious issue that needed to be fixed."

Tumblr said Monday afternoon that it had the problem quashed.

"Tumblr engineers have resolved the issue of the viral post attack that affected a few thousand Tumblr blogs earlier today," the company told CNNMoney.

That should rid Tumblr of this very, very, very minor plague. But if you see a stray rant floating about, now would be a good time to practice a little self-restraint and ignore it.
