Image of the Tumblr's tweeet announcing the all clear after what must have been a busy morning de-worming their site. (Credit: Twitter, screenshot)

USA Today, Reuters, Entertainment Weekly and thousands of other Tumblr blogs were attacked by a worm set up by the Gay N***** Association of America (GNAA) today.  Networking company Cisco explains the definition of a worm:

“Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. In contrast to viruses, which require the spreading of an infected host file, worms are standalone software and do not require a host program or human help to propagate. To spread, worms either exploit a vulnerability on the target system or use some kind of social engineering to trick users into executing them. A worm enters a computer through a vulnerability in the system and takes advantage of file-transport or information-transport features on the system, allowing it to travel unaided.”

The spam post read in part that it was “in response to the seemingly pandemic growth of the most F****** WORTHLESS, CONTRIVED, BOURGEOISIE, SELF-CONGRATULATING AND DECADENT BULL**** THE INTERNET EVER HAD THE MISFORTUNE OF FACILITATING.”  See the post below. iMediaEthics used red pen to block out profanities.

Image of the Tumblr post that the worm generated through reblogging feature on Tumblr. (Credit: Tumblr, screenshot, red marker added)

The Guardian reported that the spam posts were “just another part of our ‘anti-blogging campaign'” according to Leon Kaiser, “a GNAA spokesperson,” Further, Kaiser said that

“GNAA’s stance on blogging in general has always been a negative one: in short, blogging is lowering journalistic standards to the point where the number of friends a murderer has on Facebook has become news.”

CNET noted that GNAA tweeted that it hit “8,600 uniques” with the worm.

In response to the attack, USA Today posted that “lots of news Tumblrs [were] getting hacked”, including itself, and that it “had to delete more than 200 posts.”  Entertainment Weekly posted “apologies” and questioned “virus?” while Reuters (who was hacked three times in a month) pointed to SophosLabs’ blog on the “worm,” which explained:

“It appears that the worm took advantage of Tumblr’s reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages.

“Each affected post had some malicious code embedded inside them.”

According to USA Today, Tumblr issued a statement commenting:

“There is a viral post circulating on Tumblr which begins ‘Dearest Tumblr users’…If you have viewed this post, please log out of all browsers that may be using Tumblr immediately. Our engineers are working to resolve the issue as swiftly as possible. Thank you.”

iMediaEthics wrote to Tumblr asking how the worm started, and what Tumblr will do to ensure similar incidents don’t happen again. A Tumblr spokesperson sent iMediaEthics a statement reading:

“Tumblr engineers have resolved the issue of the viral post attack that affected a few thousand Tumblr blogs earlier today. Thank you for your patience.”

Tumblr also tweeted that statement at 1:24 PM EST.

iMediaEthics wrote to GNAA and asked if they have specific complaints about standards in journalism.  Leon Kaiser told iMediaEthics by email that:

“If there’s one thing lacking from modern journalism, it is indeed integrity. More specifically, fact checking. As we demonstrated with our ‘Sandy Loot Crew’ hoax, journalists no longer care for the meat of the events – that is the truth. Careless bloggers turned ‘journalists’ are making a living pressing more fat than meat, and incorrectly so.”

As if to highlight the point about fact checking, Slate, Buzzfeed and Gizmodo reported that the first Tumblr affected was apparently the online “community newspaper” the Daily Dot. When asked about the first account spammed, Kaiser told iMediaEthics:

“The Daily Dot was not the first account affected. It may have been the first notable account affected, but that is speculation on my part.”

In a later update, Gizmodo noted that the first account infected was OhMyGodAnyway Tumblr.

When asked for comment on how GNAA felt about the news coverage the hack was receiving, Kaiser went on to say:

“The media always glosses over the details when it comes to computers, that’s nothing new. I’d just like to reemphasize the fact that not a single account was ‘compromised’ or ‘stolen’. The script did one thing and one thing only: make blog posts.”

Many media outlets, such as BuzzFeed have told people to “change your password” but they are quick to point out this is just a precaution:

“There’s no evidence yet that this exploit actually accessed your account, or steals your password, but at this point it’s probably still a good idea.”

The last time GNAA made news was November 2012, for the “Sandy Loot Crew” hoax that Kaiser references above. The group posted multiple tweets feigning to organize and brag about a looting spree in the storm-ravaged areas of New York and posted fake pictures of looters stealing items, such as a television or a cat.  The tweets caused quite a stir and fooled a few news outlets including The Daily Mail. and the Drudge Report, both of which cited tweets or photos posted by people purportedly affiliated with GNAA.

Despite GNAA’s clear and widespread criticism of “modern journalism,” the issues the group are bringing up are being ignored wholesale by the media.  Gawker describes GNAA as “screwing with media organizations for laughs.” They mention the Sandy looter story but they do not get into question of fact checking or if it is more important to be first or be right.

Slate said of GNAA that “as a trolling group, the GNAA has no real defined mission, other than to wreck havoc on the Internet.”  iMediaEthics has followed up with GNAA to see if this if how they would describe themselves.

It is hard to say if GNAA is laughing but it seems fairly certain that the media and Tumblr users are not.