Sina Weibo experienced its first mass virus attack at around 8pm this evening. A large number of users posted the exact same new stories with links to their Weibo. The situation became a vicious cycle as those became the hottest discussed topics, leading more people to click the links and become victims themselves.
My initial reaction was that this must be coordinated attack by one of the third-party applications that users authorize. But this was a scripted url attack under the disguise of Sina Weibo’s short link “t.cn”. This attack indicates that Sina Weibo may still have some gaping security holes.
- A sample of virus attack
Account of the Attack
This attack was written in Java Script, exploiting a XSS (Cross Site Script) security gap in weibo.com/pub. In effect, infected users would auto post the virus link disguised under the short link “t.cn” with a catchy news title. Users would also send DMs to their friends with the link and in some cases user passwords were even changed (the user’s cookie was extracted). Zhihu, the Chinese Quora, has a detailed description of attack. China’s human flesh search engine has quickly claimed the virus coder to be a Java script programmer named Chao Sen.
Suspect's Weibo account, now closed
By 21:25pm, Sina announced that the crisis was under control, with all of the virus content deleted. This attack did not feel hostile, but instead as if the programmer was proving a point that Sina Weibo is not safe (he might even deserve some recognition and credibility). But what if this was a hostile attack that aimed at hacking user accounts to extract their personal information that could cause financial losses?
Share TechRice!
Pingback: Sina Weibo Suffers Second Attack, Hits Site’s Top User Yao Chen