January 29, 2012

The above images are safe screencaps taken by a tumblr user whose account has no signs of being compromised.

There is an infectious spam doing the rounds on tumblr. Users visiting an infected user’s homepage are presented with the FAKE LOGIN in the first image; if they enter their details, a section of JavaScript is added to their own THEME so that their own homepage displays the fake login. Their wall is also spammed by reposts of the second image, accompanied by a link.

These are the KNOWN payloads of the spam. It is UNKNOWN at present if the infection is farming data, other logins, installing malware, etc.

To clean out your tumblr, you need to:

- Change your password. This seems to stop the spam. It does not solve all the problems, so please continue reading.

- Also, RESET YOUR THEME. This removes the rogue JavaScript. You can do this by changing your blog’s appearance, switching to a free theme (you must SAVE CHANGES), and then reselecting your original theme (again, save changes, obviously). This seems to kill the fake login window that is infecting other users. (It is also possible to do this by editing your theme’s HTML; my advice is to simply reinstall from scratch.)

ADDITIONALLY, it is unknown at present if the spam is also delivering malware and what data it might be farming. You are STRONGLY ADVISED to:

- Go to SETTINGS, and where you have the option to POST BY EMAIL, click RESET. This closes a backdoor the spam could possibly use in the future.

- Update your security software and scan your entire system for malware. (Need freeware? Windows users, you want Microsoft Security Essentials; Mac users, get ClamXav. Linux users, you probably know what you’re doing already.)

- Change all other passwords that you have used since the spam started, and any which are autofilled by your computer.

It’s better to do this and not need to than it is to have your computer become part of a botnet and your identity exposed to theft. If you clicked on the link in the spam, these precautions become ESSENTIAL; in this case, I’d further advise running a few more malware sweeps over the next week, updating your software beforehand, to be absolutely certain.

Finally, please repost this to alert other tumblr users.
