Comments on: Where did the Twitter “Don’t Click” attack come from?

By: rich

rich — Fri, 13 Feb 2009 14:05:17 +0000

Merci beaucoup for taking the time to reply, @umoor. I will admit that I was fooled by the exploit, and I smiled when I checked the source code to see how it worked. However I also saw a bit of panic from the non-technical people I follow on Twitter that their password had been stolen. I suppose the timing was unfortunate, as it came on the heels of that phishing scam a few weeks ago when people genuinely did lose their account details.

I do believe, however, that after watching it move quickly through the French-speaking Twitter community for two weeks, translating it into English on Feb 10th was rather cheeky!

By: rich

rich — Fri, 13 Feb 2009 13:56:50 +0000

Thank you, Korben, for clearing that up. And thank you for your kind words, Mack. I have added a link back to your excellently written technical description of the hack.

@startupz saw one of my tweets yesterday (he responded here) but hasn’t replied to the one I sent him (here). It would be interesting to track the epidomolgy of the first few hours, as it spread through the Twitter social graph.

By: umoor

umoor — Fri, 13 Feb 2009 13:55:29 +0000

Hi there.

In order to make things clear, and to show that unfortunatly I’m not that smart nor clever I wrote a little post. I never intended to take the credit of the discovery, and that is why I stated my source.

So I suppose I can be criticised even thought my intention was to make people smile.

As stated by Korben my mistake was to put a tweet link to the original trick page.

http://www.umoor.eu/blog/general/the-dont-click-effect

By: Mack Staples

Mack Staples — Fri, 13 Feb 2009 12:48:25 +0000

Well analyzed, Richard. Interesting assessment and probably exactly right. If startupz wasn’t following umoor, he probably saw it on the public timeline, clicked and there ya go. Hopefully startupz will respond to my tweet, and let me know where he found that initial link.

By: Korben

Korben — Fri, 13 Feb 2009 10:57:20 +0000

The truth is that i took the news from Padolsey
Then, i adapted it for my french readers with a PoC which was not a worm because the twitted links was a link to the homepage of my blog… Then umoor which is (i suppose) one of my reader, adapts the script to make it work like a worm (because the twitt message call the don’t click page) and call it “Don’t click”…

The rest of the story is well known…

Best regards

By: Twitter’s “Don’t Click” prank, explained

Twitter’s “Don’t Click” prank, explained — Thu, 12 Feb 2009 21:45:57 +0000

[...] Français) by the author of this attack, originally launched in January 2009. (There is some speculation that the code was taken directly from James Padolsey’s proof-of-concept, owing to the [...]