Twitter Spammed by Teenager Using Worm

Written by Sue Walsh on April 14, 2009

The malware that hit Twitter, called the Mikeyy worm, appears to have been created by a 17-year-old New York boy who had nothing better to do and wanted to drive traffic to his website. The worm exploited a cross-site scripting flaw to compromise nearly 200 accounts and send more than 10,000 tweets. Users were infected simply by visiting the compromised profiles. The worm hit Twitter 4 separate times this weekend, each time sending tweets aimed at directing users to the site StalkDaily.com, a Twitter copycat site owned by the teenager in question. A copycat worm also jumped on the bandwagon, sending out spam tweets of its own with a link that claimed to be directions on how to remove the worm.

“A message like this is particularly nasty, as there were plenty of re-tweets of this malicious message sent by genuine users,” said F-Secure Corp.’s chief research officer, Mikko Hypponen, in a blog post just minutes after Monday’s attack began. “The bit.ly link got redirected back to Twitter, to user reberbrerber’s profile which would infect Twitter users who viewed it.”

Experts say attacks on social networking services will only increase as more and more cybercriminals seek out vulnerabilities and use them to carry out XSS/PHP/SQL attacks. These attacks, they say, will likely be used to gather lists of personal information, which will then be used in more traditional spam and phishing attacks. To protect your company, don’t use sloppy code! Check and double-check for JavaScript vulnerabilities and other security holes, and block any you find as soon as possible. Your company’s reputation could depend on it!

