January 29, 2012   196 notes

The above images are safe screencaps taken by a tumblr user whose account has no signs of being compromised.

There is an infectious spam doing the rounds on tumblr. Users visiting an infected user’s homepage are presented with the FAKE LOGIN in the first image; if they enter their details, a section of JavaScript is added to their own THEME so that their own homepage displays the fake login. Their wall is also spammed by reposts of the second image, accompanied by a link.

These are the KNOWN payloads of the spam. It is UNKNOWN at present if the infection is farming data, other logins, installing malware, etc.

To clean out your tumblr, you need to:

- Change your password. This seems to stop the spam. It does not solve all the problems, so please continue reading.

- Also, RESET YOUR THEME. This removes the rogue JavaScript. You can do this by changing your blog’s appearance, switching to a free theme (you must SAVE CHANGES), and then reselecting your original theme (again, save changes, obviously). This seems to kill the fake login window that is infecting other users. (It is also possible to do this by editing your theme’s HTML; my advice is to simply reinstall from scratch.)
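One way to check a saved copy of your theme's HTML for unexpected scripts, before or after the reset (an added example, not part of the original post). The actual injected code is not shown here, so the marker words, the trusted host and the sample theme are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

LOGIN_MARKERS = ("password", "login", "log in")  # assumed marker words

# Constructed sample theme, not taken from any real blog.
SAMPLE_THEME = """<script src="https://cdn.trusted.example/lib.js"></script>
<script src="http://untrusted.example/x.js"></script>
{block:Posts}{Body}{/block:Posts}
<script>
var box = "Log in again: <input type='password'>";
</script>
<script>var colour = "blue";</script>"""

class ScriptAudit(HTMLParser):
    def __init__(self, trusted_hosts):
        super().__init__()
        self.trusted = set(trusted_hosts)
        self.findings = []                  # (line, kind, detail) tuples
        self._inline, self._line = None, 0  # buffer while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src, line = dict(attrs).get("src"), self.getpos()[0]
        if src is None:                     # inline script: start collecting its body
            self._inline, self._line = [], line
        elif (urlparse(src).hostname or "") not in self.trusted:
            self.findings.append((line, "external", src))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            hits = [m for m in LOGIN_MARKERS if m in "".join(self._inline).lower()]
            if hits:                        # inline script mentions login wording
                self.findings.append((self._line, "inline", ", ".join(hits)))
            self._inline = None

def audit_theme(html, trusted_hosts=()):
    parser = ScriptAudit(trusted_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    print(audit_theme(SAMPLE_THEME, {"cdn.trusted.example"}))
```

An empty result does not prove a theme is clean; the reset described above is still the fix.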

ADDITIONALLY, it is unknown at present if the spam is also delivering malware and what data it might be farming. You are STRONGLY ADVISED to:

- Go to SETTINGS, and where you have the option to POST BY EMAIL, click RESET. This closes a backdoor the spam could possibly use in the future.

- Update your security software and scan your entire system for malware. (Need freeware? Windows users, you want Microsoft Security Essentials; Mac users, get ClamXav. Linux users, you probably know what you’re doing already.)

- Change all other passwords that you have used since the spam started, and any which are autofilled by your computer.

It’s better to do this and not need to than it is to have your computer become part of a botnet and your identity exposed to theft. If you clicked on the link in the spam, these precautions become ESSENTIAL; in this case, I’d further advise running a few more malware sweeps over the next week, updating your software beforehand, to be absolutely certain.

Finally, please repost this to alert other tumblr users.
