HOWTO: Protect Yourself On Twitter (Lessons Learned From The StalkDaily/Mikeyy Worms)

UPDATE: This article was written prior to the return of the Mikeyy virus, but the advice remains relevant and is good practice.

Thus far, nobody really knows what happened yesterday on Twitter with the StalkDaily explot. There’s been some speculation and the good news was that Twitter moved quickly to eliminate the problem. A 17-year old by the name of Mikeyy Mooney has claimed credit for the script, and looks responsible for the latest one that is doing the rounds (or is being scapegoated/glorified).

Twitter claims that nothing was jeopardised and I’m inclined to believe them. Still, when I recommended folk reset their passwords yesterday I was quite surprised at how many responses I got claiming that this course of action was either unnecessary or mad.

Here’s what I think: even if there was no risk to your password, why take the risk? If StalkDaily or whoever was responsible managed to find a way to add a script to my profile through a loophole on Twitter, what’s to stop them, or that script, doing something else?

Surely a policy of ‘better safe than sorry’ applies in all cases like this? You can always change your password back if you later discover there was no threat to your security. Hindsight is twenty-twenty.

StalkDaily received enormous publicity – indeed, it was this blog’s best-ever day. We doubled our subscriber rate and got a huge amount of mentions within the Twittersphere.

On the flip side, because of its success, it’s opened the door for copycat attacks, such as Mikeyy, which is currently running riot. I’d expect a few days of similar activity within the stream. Hopefully Twitter will continue to be on the ball.

In the meantime, what can we do to protect ourselves, both now and in the future?

1. Use A Twitter Client

Both StalkDaily and Mikeyy seem to be spreading via visits to user profiles on You can’t do this within a Twitter client so by using an application like TweetDeck you can eliminate a lot of the initial risk.

2. Avoid Visiting User Profiles On

This applies only during periods of worm infection. Certainly do not visit any user profiles that are obviously infected or make referencing to having been. Use common sense here. If somebody is making repeat tweets about a product or website and it seems out of character, avoid their profile (or direct messages).

3. Change Your Password

Again: why take the risk? I hope there has been no major exploit of user accounts, but just in case there has, is it not entirely sensible to be careful? It’s good practice to change your password regularly – certainly every 90 days or so. Make sure your password is complex and at least eight-characters in length. Use a password generator if you need some ideas.

4. Clean Up Your System

Download Spybot or a similar application that scans your system for malicious software. Run it today and then frequently thereafter. Again, there is no evidence that StalkDaily or anything else on Twitter exploited your machine but why take the chance?

5. Politely Warn People Who Are Clearly Infected

It’s pretty amazing how many people seemed unaware they were infected by the worm(s) until being told. If you see somebody is clearly infected – and it was obvious with StalkDaily and Mikeyy because everybody sent out the same tweets – then let them know with a polite reply. Don’t visit their profile, and don’t announce to your followers that they are infected, as this just increases the chance the other people will visit their profile, and may well hurt their reputation. (Indeed, consider deleting your warning tweet once they have resolved the issue.) Infection is nobody’s fault – it’s always accidental – but you can do your part to make sure infected users are aware of the problem.

6. Be Wary About Clicking On Shortened URLs

This absolutely applies only during a period of infection. Twitter is built around a 140-character limit and shortened URLs are an essential part of that system. However, if you’re at all concerned about a shortened URL, consider a service like ExpandMyURL, which allows you to check exactly where that link will lead.

7. Keep Your Eyes Open

Be sensible on Twitter, this week and in the future. This will not be an isolated incident. There’s no need to panic – this isn’t the T-Virus – but be mindful when visiting websites or user profiles on Twitter, certainly if you have any reason to be suspicious.

Regularly check your own profile to see if you are or have been sending out tweets that you did not write. If so, always delete them, use Twitter search to find a solution, and take action. Monitor Twitter’s status page closely.

You might consider a subscription to security expert Graham Cluley’s blog. Graham was very on-the-ball about the worms and seems to know his stuff.

Bonus Tip

If you use Firefox, install the free NoScript extension. This blocks all XSS exploits and will protect you on Twitter from worms that are similar to StalkDaily and Mikeyy.

(Or consider buying a Mac – it appears that the Mac has strong enough built-in security to resist XSS exploits.)


A lot of people have been impacted by StalkDaily and others over the past 24 hours. Twitter acted quickly to resolve the situation and one positive from malicious attacks is that they expose loopholes that can be closed to prevent similar and more damaging hacking attempts in the future. StalkDaily didn’t really do much harm, but now that exploit is closed it prevents a more dangerous assault from taking place.

Possibly, it’s exposed our own loopholes, too, as users. There is definitely no need to panic – Twitter contains very little personal information about us and the likely worse-case scenario of a total hack would be losing your account – but by following the advice above and taking precautions about how you engage with Twitter or any other network you can significantly reduce the risk of this happening to you again.