A popular Twitter-like service in China with 140 million users was hit by a worm earlier this week that resembles past attacks that infected Twitter and MySpace, according to a security analyst.
Sina Weibo, a microblog service in China, said the worm first appeared on Tuesday night. Affected posts displayed a malicious link with enticing messages like "Move a woman's heart with 100 lines of poetry" or "Software to listen to other people's phones." When the link was clicked, the user's own account would repost and send out private messages circulating the malicious link again.
Sina reported in a post to users on Wednesday that the worm had been stopped on the same night at 9:25 p.m. The problem stemmed from a flaw in the web pages that the worm could exploit.
Sina said it reported the matter to the public security and that it will take further steps to improve the safety of its social networking service.
Zhao Wei, CEO of Chinese security company Knownsec, said the worm was of a type that has affected many other social networking sites by exploiting cross-site scripting vulnerabilities. "Before, different kinds of worms have appeared on large social networking sites like Twitter, MySpace" he said. Other Chinese social networking sites have also been victims, he said.
In 2009, Twitter was hit with the "StalkDaily" worm created by a 17-year-old. The worm created thousands of spam messages on the site by getting users to click on a malicious link. Lack of attention to security resulted in these worm attacks from occurring, Zhao said. In the case of Sina's social networking site, only tens of thousands of microblog users were affected, Zhao estimated.
Sina Weibo is one of China's largest Twitter-like services, and has become a hot new destination for the country's Internet users, which numbers at least 457 million, according to the China Internet Network Information Center.