Potty-Mouthed Worm Runs Rampant on Tumblr
A bowdlerized rendition of the rude message left on many Tumblr blogs Dec. 3, 2012.
The image-blogging service Tumblr is in crisis mode as a worm crawls across its network, repeatedly posting a message railing against the "worthless, contrived, bourgeoisie [sic], self-congratulating and decadent" blog-hosting site.
"The group discovered a way to self-propagate posts on the massive social blogging network," the tech blog The Daily Dot, one of the worm's victims, reported after it recovered from the attack.
The spreading post rants against Tumblr and its users, which it describes as "self-indulgent empty husks of human beings" enabled by the "seemingly pandemic growth and world-wide propagation" of Tumblr.
Tumblr hosts tens of billions of blog postings on 77 million blogs. Like WordPress, it is essentially a blogging platform, although it emphasizes images, has social-networking features akin to Facebook and is especially popular among teenage girls and men looking for pornography.
The term "Tumblr" briefly eclipsed the term "blog" in terms of Google searches earlier this year.
The group behind today's offensive prank has an even more offensive name, which we won't repeat. Also known as the GNAA, it's an infamous collective of online "trolls" known for spreading misinformation to the media and invoking racist stereotypes for shock value.
"Well, it looks like we've reached nearly 6,000 unique users affected," the Dot quoted GNAA member "Leon Kaiser" as saying. "Never expected it to get this big."
"The guy who found the bug messaged me about six hours ago, and we went live just under three hours ago," Kaiser continued. "We started with one post on a brand new Tumblr blog I sent the link to a few people, and it went from there."
Another, or possibly the same, GNAA member calling himself "Literal Ka" told the gossip blog Gawker that his group had informed Tumblr of the flaw two weeks ago, but only by filling out an online complaint form.
The GNAA took advantage of Tumblr's reblogging feature, Sophos Labs' Naked Security blog reported, by hiding malicious code in the original message. The bug spreads by "troll baiting" victims into clicking through, permitting the bug to infect the user's own Tumblr blog and spread to that victim's followers.
Only Tumblr users who are logged into their accounts can become infected, but as BuzzFeed advises, Tumblr users should avoid visiting Tumblr blogs directly or clicking on links in Tumblr posts.
For the curious, make sure you are logged out of Tumblr before trying to view the infectious posts yourself.
The worm does not appear to destroy content or steal private information or passwords. But as with most things GNAA, it is disruptive and obnoxious.
Andrew "Weev" Auernheimer, who was convicted last month of conspiring to collect iPad-user email addresses from an AT&T website, was an early member of GNAA, as was Daniel "JacksonBrown" Spitler, who wrote the computer program that collected the iPad-user email addresses.