GNAA Hacker Group Attacks Tumblr Accounts – Tumbler Worm Spreading
Wednesday 23rd July 2014,

Malware & PC Security News

Ξ Leave a comment

GNAA Hacker Group Attacks Tumblr Accounts – Tumbler Worm Spreading

posted by OnlineSafety411 Advisor  
Filed under Malware & PC Security News, Online Safety Threat Alerts


During the first week of December, a virus quickly spread through the Tumblr – a microblogging platform.  The transmittable worm caused users to immediately reset their passwords.

SophosLabs, a web security firm, attempted for Tumblr to recompose the websites and further review and investigate to see how the virus spread so rapidly.

What could possibly cause this havoc so fast?

The re-blogging feature.

In a blog post posted by SophosLabs, “It appears that the worm took advantage of Tumblr’s reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages,” SophosLabs also stated that the virus was concealed within the iFrame (compression- the tag can specify an inline frame that is used to embed documents within an HTML document; supported in most of the popular web / Internet browsers)  With this embedded code (Base64), it is unable for anyone to actually see and the virus will appear as a scrabbled text.

According to SophosLabs, “If you were not logged into Tumblr when your browser visited the URL, it would simply redirect you to the standard login page,”….. “However, if your computer was logged into Tumblr, it would result in the GNAA content being reblogged on your own Tumblr.”

The GNAA, Gay N***** Association of America, it is being reported that the GNAA is responsible for the sudden attack of approximately 8,000 Tumblr blogs.  The GNAA is a well-known group that is known for their Internet hacking techniques.  Luckily, the hackers were not able to post the worm on a Javascript application; however, some 83.2 million blogs were interrupted by explicit messages.  The messages indicate that the sites were of no value.

Most Users detected the worm via a pop-up window that was a Tumblr prompt in disguise. Internet Users were greeted by the following:

Dear Tumblr Users,

We have taken the liberty of upgrading your rather tasteless we must say, blog to our premier GNAA Deluxe Gary Niger. This is in response to the seemingly pandemic growth and world-wide propagation of the most XXXX worthless, contrived, bourgeoisie, self-congratulating and decadent b******* the internet ever had the misfortune of facilitating. However, we do not believe you are beyond redemption……..Fret not, dear emo, your death will be regarded as a sacrifice to humanity ; to die a martyr is a glorious death , and will likely be your highest contribution to society.

Leon Kaiser, the GNAA spokesman stated that “This was just another part of our ‘anti-blogging’ campaign” The GNAA group believes that blogging is a fallen form of want-to-be journalist that entails bloggers trying to capture the Internet audience by any means necessary.

SophosLabs indicated that the problem was resolved within hours of the first worm report.

comments powered by Disqus

Search OnlineSafety411.com

Our Site is Safe

onlinesafety411.com Webutation

We Speak Your Language! - Translate This Site Now

    Translate to: