Tumblr was hit by a massive worm Sunday evening, affecting blogs by USA Today and Reuters. According to CNET, the worm left thousands of Tumblr sites with a post advising users to commit suicide. The hacker group GNAA claimed responsibility for the attack. Their Twitter profile said 8,600 unique Tumblr users were affected. In a blog post, Tumblr apologized to users and said no accounts were compromised and users didn’t need to take any further action.
Chester Wisniewsi, a Sophos senior security advisor, told CNET that a malicious code was embedded in each affected post and it spread like a web virus. He added the attack could have been prevented, but there are tens of thousands of ways to add code to a page and sometimes it difficult for newer companies to identify and plug all the holes. Art Coviello, executive chairman of EMC’s RSA security business, predicted that hackers will get more sophisticated, and said it’s highly likely that they will move beyond intrusion and espionage to destruction of critical infrastructure.