andrew.hedges.name / blog

Dude. Mikeyy can’t even spell his own name.

12 April 2009 · Estimated reading time: 2 minutes

Yeah, I got p0wnd by the Mikeyy Worm on Twitter. It’s a simple JavaScript injection attack. You get it by visiting an infected person’s profile with JavaScript turned on in your web browser. Here’s how to stop the madness.

The first thing you need to do is turn off JavaScript! This is different on every browser, but this page has instructions for a few common ones.

Now that you have JavaScript disabled, you can fix your profile so you don’t infect anyone else. Follow these steps:

  1. Go to your password page and request a password reset. If you’ve been hacked, your password has been changed and you won’t be able to reset it any other way.
  2. Go to your settings page and delete anything you didn’t enter yourself (e.g., weird text in your bio, more info URL, etc.).
  3. Go to your profile design page and reset the colors for your profile. I found my link color had been changed to infected text. Unfortunately, you’ll have to have JavaScript turned on to change your colors through Twitter.com, but as long as you don’t visit anyone’s infected profile while you’re fixing your own, you should be OK.

That should do it. If you have seen cases where the above isn’t sufficient to fix a hacked profile, please describe the solution in the comments. Thanks!