Skip to main content

Tumblr users hit by worm spreading fake post

Tumblr has been hit by a worm that posted a racist message to users' blogs without their permission.

Tumblr is encouraging users who have viewed the post to "immediately" log out of any browsers that might be using Tumblr.

The fake post in question was created by a group that goes by the name Gay Ni**er Assocation of America (GNAA), which is described by Wikipedia as "an anti-blogging Internet-trolling organization." The fake post criticised Tumblr for the "propagation of the most f**king worthless, contrived, bourgeoisie, self-congratulating and decadent bulls**t the Internet has ever had the misfortune of facilitating." It goes on to accuse Tumblr users of being unoriginal, among other things, before suggesting that they kill themselves.

The post concludes by warning users that "attempting to delete these posts will delete your tumblr account, [so] by all means, go ahead!"

Yesterday, the GNAA tweeted via the @gary_niger handle that its fake post had hit 3,800 unique Tumblr users, a number that was later raised to 8,600, according to Gizmodo. Those tweets appear to have since been deleted. The @Gary_niger feed is currently re-tweeting messages of support as well as angry tweets from disgruntled Tumblr users.

According to Sophos analyst Graham Cluley, the worm appears to have taken advantage of Tumblr's re-blogging feature. "Anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages," Cluley wrote in a blog post.

Some users who were hit by the worm saw a pop-up message warning that Tumblr would be undergoing maintenance on 4 December, starting at 1 am. The pop-up gave users the option to "Stay on Page" or "Leave Page."

"If you were not logged into Tumblr when your browser visited the url, it would simply redirect you to the standard login page," Cluley wrote. "However, if your computer was logged into Tumblr, it would result in the GNAA content being reblogged on your own Tumblr."

Cluley likened the attack to the 2010 "mouse over" worm that hit Twitter.

According to BetaBeat, GNAA recently trolled Internet users - and online publications - via Twitter into believing that looting was taking place in the wake of Hurricane Sandy.

The GNAA is reportedly affiliated with Goatse Security, which counts the hackers associated with a 2010 iPad hacking case among its members.

A Tumblr spokeswoman later reported that "Tumblr engineers have resolved the issue of the viral post attack that affected a few thousand Tumblr blogs earlier today."