The attack is more of a nuisance than malicious – its only activity is to post unwanted messages.

How Mikeyy Works

---

Mikeyy appears to use the same technique as StalkDaily, suggesting that the issue has not been fully fixed: exactly like yesterday’s exploit, it adds an executable script after #color in the CSS. There are multiple user-editable fields in the Twitter settings, and our best guess is that the exploit is using a different field for input.

It appears to be more of a nuisance than malicious at this point – the attacker is pointing out that Twitter has not fully fixed the issue.

---

What To Do

---

To prevent infection, it’s smart to:

1. Stop visiting Twitter profiles on the web, since these are the source -

2. You might want use a 3rd party app like TweetDeck () or Seesmic Desktop for now

3. Disable javascript in your browser settings, or use a Firefox () add-on like no-script, which stops unwanted scripts from running

If you’re affected by Mikeyy, it’s smart to:

1. In your browser settings, clear your cache and cookies

2. Also in your browser settings, turn off javascript

3. Log into Twitter. Go to your Twitter settings and check for anything suspicious, particularly in the URL or location. If there’s anything there, delete it fully and replace with your actual URL and location.

4. Re-enable javascript and check the Design section of your Twitter profile to make sure there are no changes to your profile colors. If there are, delete these too and replace with whatever colors you want.

5. Delete unwanted Tweets containing Mikeyy

6. As an extra precaution, reset your Twitter password.

7. Log out of your account.

8. Since there are claims that Mikeyy may re-activate on login at Twitter.com, you may wish to continue using Twitter via a desktop client like TweetDeck or Seesmic Desktop, rather than on the web.

For more info, check the blog Twittercism