Tumblr users who viewed the malicious post, if logged in at the time, would find that a racist diatribe had been automatically published to their own account. Initially, Tumblr issued only two short statements to Twitter on the attack, saying in an early-afternoon tweet that the racist message had not widely spread.
“Tumblr engineers have resolved the issue of the viral post attack that affected a few thousand Tumblr blogs. Thanks for your patience,” the company stated.
“It appears that the worm took advantage of Tumblr’s reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages,” stated Graham Cluley, a senior technology consultant with the antivirus software maker.
According to the post added by the virus, which is also being called a worm, a group of online malcontents—or trolls—is responsible for the malicious code. While the content of the message was thrown together to garner attention, the actual impact of the attack could have been worse, Chet Wisniewski, a senior security adviser with Sophos, said during an afternoon call.
Yet, the site reacted quickly and, after the company temporarily suspended posting to the service to slow down the virus, appears to have cleaned up the attack, he said.
In the past five years, for example, a number of worms have spread through Twitter, including one that jumped from account to account, in a way similar to the Tumblr virus. Facebook has seen its share of worms as well, including the infamous Koobface worm, which would infect users’ systems with malicious code.
At the end of the day, Tumblr issued another statement apologizing for the incident.
“No accounts have been compromised, and you don’t need to take any further action,” the company said in a statement sent to eWEEK. “Our sincere apologies for the inconvenience. As always, we are going to great lengths to make sure this type of abuse does not happen again.”