The malware went viral on December 3. Tumblr users who viewed an infected post while logged in would discover that a racist rant had been published to their own account automatically by the malicious code. Initially, Tumblr's engineers tweeted that they had resolved the issue and that it had not spread very widely, affecting only a few thousand Tumblr blogs.
Graham Cluley, a senior technology consultant with Sophos, stated his belief that “the worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages.” The virus's post credits a group of trolls with creating the malware.
Tumblr apologized for the issue a second time at the end of the day, reassuring users that no accounts were compromised and that they did not need to take further action. “As always, we are going to great lengths to make sure this type of abuse does not happen again,” the company concluded. Sadly, these kinds of attacks will probably continue to keep security engineers at social media and similar types of websites on their toes for years to come.