Tumblr Accounts Hacked By 'Racist' Javascript Virus – Thousands Affected

By Alexandra Burlacu | Dec 04, 2012 10:14 AM EST

Share This Story

  • Print
  • Email

A malicious worm has hit popular site Tumblr, posting a racist message to users' blogs without their permission.

In response, Tumblr is encouraging users who have seen the post to immediately log out of browsers that might be using the service.

Follow us

"We are aware that there is a viral post circulating on Tumblr. We are working to resolve the issue as swiftly as possible. Thank you," the company posted on Twitter.

The message posted on users' blogs is the work of a group that goes by the name of Gay Ni**er Association of America (GNAA), an "anti-blogging Internet-trolling organization," as Wikipedia defines it.

"[The] propagation of the most fu**ing worthless, contrived, bourgeoisie, self-congratulating and decadent bulls**t the Internet has ever had the misfortune of facilitating," the fake post described Tumblr. The message further accuses Tumblr users of being unoriginal, among others, and suggests they kill themselves.

"Attempting to delete these posts will delete your tumblr account, [so] by all means, go ahead!" concludes the post.

On Monday, Dec. 3, the GNAA tweeted via the @gary_niger account that its fake message had hit 3,800 unique Tumblr users. According to Gizmodo, that number was later raised to 8,600 affected users. While those tweets seem to have been deleted in the meantime, the @gary_niger handle is currently re-tweeting messages of support, as well as Twitter responses from angry Tumblr users.

The worm in question seems to have taken advantage of Tumblr's re-blogging feature, said Sophos security analyst Graham Cluley. The analyst explained in a blog post that any user who was logged into Tumbler would automatically re-blog the infectious post simply by visiting one of the offending pages.

Some users who were affected by the malware saw a pop-up message warning them that Tumblr would be undergoing maintenance on Dec. 4, starting at 1 a.m. The pop-up gave users two options: "Stay on Page" or "Leave Page."

If a user was not logged into Tumblr, visiting the infectious url would simply redirect them to their standard login page, Cluley further explained. If the computer was logged into Tumblr, however, the GNAA content was re-blogged on their Tumblr.

According to Tumblr, its engineers have managed to resolve the issue and get things back on track. The company further assures its users that no accounts have been compromised, and no action is necessary on their part. 

 

Get the Most Popular Mobile&Apps Stories in a Weekly Newsletter

© 2014 Mobile & Apps All rights reserved. Do not reproduce without permission.

Featured Video : Intel Pocket Avatars

Join Our Conversation

Smartphones
HTC One M8HTC One M8 with Windows Phone 8.1 instead of Android to launch later this year?
Apple Retail Stores to allow iPhone purchases through U.S. carriers’ early upgrade programs
Google Nexus 6 to come this fall from Motorola, codenamed ‘Shamu’?
LG readying Windows Phone 8.1 smartphone?
Tablet / Laptop / PC
Dell Venue 7 and Venue 8Dell unveils Venue 7 and Venue 8 Android 4.3 Jelly Bean tablets
Retina iPad Mini facing delays, may not launch until early next year
Refurbished 128GB iPad with Retina Display now available on the Apple Online Store
Samsung Galaxy Note 10.1 – 2014 Edition: Pricing and availability now official
Gadgets
Amazon LogoAmazon reportedly to launch ‘Firetube’ set-top box before 2013 holidays
Samsung Galaxy Note 3 and Galaxy Gear India launch: Pricing and availability
Samsung Galaxy Gear Android smartwatch now up for pre-order in Canada
Samsung Galaxy Gear 2 reportedly in the works already, may debut at CES or MWC 2014
OS / Software
HTC LogoHTC reportedly considering Android/Windows Phone dual-booting smartphone as Microsoft pushes for deeper Windows mobile integration
iOS 7 Chrome Incognito mode leaks private searches due to bug
Sprint HTC One Android 4.3 Jelly Bean already rolling out, AT&T, T-Mobile & Verizon to follow
Microsoft Windows 8.1 now available for pre-order
Internet / Social Media
Google DowntimeGoogle blacks out for two minutes, causes 40 percent drop in world’s Internet traffic
Xbox Music web player is live and ready for Xbox Music Pass subscribers
Facebook Android app collected phone numbers even if users never logged in
Firefox 22 brings support for web video calls, 3D gaming, and Unreal Engine 3
What's App
PayPal iOS appPayPal for iOS update brings loyalty card support, other features and enhancements
Facebook Slingshot now official to challenge Snapchat – What makes it stand out?
Pinterest update brings Guided Search to desktop users (VIDEO)
SwiftKey goes free on Google Play, boasts great new features & improvements
Copyright © 2014 Mobile & Apps All rights reserved. mobilenapps
Real Time Analytics