The above images are safe screencaps taken by a tumblr user whose account has no signs of being compromised.
These are the KNOWN payloads of the spam. It is UNKNOWN at present if the infection is farming data, other logins, installing malware, etc.
To clean out your tumblr, you need to:
- Change your password. This seems to stop the spam. It does not solve all the problems, so please continue reading.
ADDITIONALLY, it is unknown at present if the spam is also delivering malware and what data it might be farming. You are STRONGLY ADVISED to:
- Go to SETTINGS, and where you have the option to POST BY EMAIL, click RESET. This closes a backdoor the spam could possibly use in the future.
- Update your security software and scan your entire system for malware. (Need freeware? Windows users, you want Microsoft Security Essentials; Mac users, get ClamXav. Linux users, you probably know what you’re doing already.)
- Change all other passwords that you have used since the spam started, and any which are autofilled by your computer.
It’s better to do this and not need to than it is to have your computer become part of a botnet and your identity exposed to theft. If you clicked on the link in the spam, these precautions become ESSENTIAL; in this case, I’d further advise running a few more malware sweeps over the next week, updating your software beforehand, to be absolutely certain.
Finally, please repost this to alert other tumblr users.