Sarah Wrote That
Recent Fiction
"All the Summers Ahead" | Five Chapters
"Barnegat Bay" | The Good Men Project
"Light at New Latitude" | PANK
"Social Utility" | Keyhole
"Where the Dust Went" | Atticus Review
-
-
…and in light trading among spambots, yesterday’s tagged post was down 7…
-
Tumblr Malware: An Investigation
It’s become a real nuisance blocking the spam accounts that “like” my posts. Usually they’re pretty easy to spot—x-rated avatars, names like “hottttseexxx[random number]” that somehow seem unlikely to be going around liking literary posts—but lately some of them are a lot less obviously bot-generated, and I hope Tumblr does something to address the situation in a more systematic way than depending on us notifying them, because these folks not just selling Viagra. They’re embedding malware, and an unwise click-thru will get you a nice Trojan horse.
I had thought that Chrome would let me view page source without loading it. Turns out, it doesn’t, and within a minute I had an alert to remove malicious Java applets. They were supposedly Windows-only, but they were generating a host of http connections to sites whose DNS didn’t resolve, so Airport went off for a while.
I took a screen-cap before closing my browser window:
(image links to higher-res version; if you’re viewing from the Tumblr dash, click here)
I’m not going back to find out if I overlooked anything else, but I’m pretty sure these are the culprits. Both URLs resolve to files hosted on nasa.gov, with plain text at their tops, and then a bunch of binary stuff (I think they’re safe to view as source code, and that they have to be loaded into your Flash player to run…. though I’m trusting my skillz a bit less after this little misadventure). The really suspicious thing is that when I Googled the (Yahoo-hosted) URL that my Mac kept connecting to, the third or fourth thing that came up was the file on nasa.gov that I’d just been studying. So I’m guessing that somehow it’s loading itself through masquerading as a Flash movie.
Tumblr is not hosting the malware, but this stuff is being served up to whoever goes to these Tumblrs. If you Google “Tumblr bot” you can find ads for freelancers to script auto-logins and username-changers, scripts to load pix. Creepy.
I’d be willing to put up with a lot more robust authentication to keep these folks out.
-
One For The Tumblr Wish-List
An option to specify a custom slug for the ‘notes’ next to your name/avatar when adding text to a reblog.
