(Lessons Learned From The StalkDaily Twitter Hack)
1. Use A Twitter Client
Both StalkDaily and Mikeyy seem to be spreading via visits to user profiles on Twitter.com. You can’t do this within a Twitter client, so by using an application like TweetDeck you can eliminate a lot of the initial risk.
2. Avoid Visiting User Profiles On Twitter.com
This is a temporary measure. Certainly do not visit any user profiles that are obviously infected or making reference to having been. Use common sense here. If somebody is making repeat tweets about a product or website and it seems out of character, avoid their profile (or direct messages).
3. Change Your Password
Again: why take the risk? I hope there has been no major exploit of user accounts, but just in case there has, is it not entirely sensible to be careful? You can always change it back once all the fuss is over. But it’s good practice to change your password regularly - certainly every 90 days or so. Make sure your password is complex and at least eight characters in length. Use a password generator if you need some ideas.
4. Clean Up Your System
Download Spybot or a similar application that scans your system for malicious software. Run it today and then frequently thereafter. Again, there is no evidence that StalkDaily or anything else on Twitter exploited your machine, but why take the chance?
5. Keep Your Eyes Open
Be sensible on Twitter, this week and in the future. This will not be an isolated incident. There’s no need to panic - this isn’t the T-Virus - but be mindful when visiting websites or user profiles on Twitter, certainly if you have any reason to be suspicious.
Regularly check your own profile to see if you are or have been sending out tweets that you did not write. If so, always delete them, use Twitter search to find a solution, and take action. Monitor Twitter’s status page closely.
You might consider a subscription to security expert Graham Cluley’s blog. Graham was very on-the-ball about StalkDaily and seems to know his stuff.
Bonus Tip
If you use Firefox, install the free NoScript extension. It blocks all XSS scripts and will protect you on Twitter from exploits such as StalkDaily and Mikeyy.