tumblr iphone5 staff blog spam


The above images are safe screencaps taken by a tumblr user whose account has no signs of being compromised.

There is an infectious spam doing the rounds on tumblr. Users visiting an infected user’s homepage are presented with the FAKE LOGIN in the first image; if they enter their details, a section of JavaScript is added to their own THEME so that their own homepage displays the fake login. Their wall is also spammed by reposts of the second image, accompanied by a link.

These are the KNOWN payloads of the spam. It is UNKNOWN at present if the infection is farming data, other logins, installing malware, etc.

To clean out your tumblr, you need to:

- Change your password. This seems to stop the spam. It does not solve all the problems, so please continue reading.

- Also, RESET YOUR THEME. This removes the rogue JavaScript. You can do this by changing your blog’s appearance, switching to a free theme (you must SAVE CHANGES), and then reselecting your original theme (again, save changes, obviously). This seems to kill the fake login window that is infecting other users. (It is also possible to do this by editing your theme’s html; my advice is to simply reinstall from scratch.)

ADDITIONALLY, it is unknown at present if the spam is also delivering malware and what data it might be farming. You are STRONGLY ADVISED to:

- Go to SETTINGS, and where you have the option to POST BY EMAIL, click RESET. This closes a backdoor the spam could possibly use in the future.

- Update your security software and scan your entire system for malware. (Need freeware? Windows users, you want Microsoft Security Essentials; Mac users, get ClamXav. Linux users, you probably know what you’re doing already.)

- Change all other passwords that you have used since the spam started, and any which are autofilled by your computer.

It’s better to do this and not need to than it is to have your computer become part of a botnet and your identity exposed to theft. If you clicked on the link in the spam, these precautions become ESSENTIAL; in this case, I’d further advise running a few more malware sweeps over the next week, updating your software beforehand, to be absolutely certain.

Finally, please repost this to alert other tumblr users.