“I am aware of the attack and yes I am behind this attack”, said Mikey Mooney a 17-year-old programmer who did it out of boredom, sending users to a website which he was trying to promote.
The comments, made to newswire service BNO come as Twitter says that it has now contained the series of worm attacks that caused panic amongst Twitterers over the Easter weekend.
In a statement on the company's blog, founder Biz Stone confirmed that on a "weekend normally reserved for bunnies, a worm took center stage".
According to Stone the worm, attacked the micro blogging site on three separate occasions over the weekend infecting a number of accounts and sending around 10,000 bogus tweets that pointed users to Mooney's website.
Using the worm to promote himself and his website Mooney said:
"I usually like to find vulnerabilities within websites and try not to cause too much damage, but start a worm or something to give the developers an insight on the problem and while doing so, promoting myself or my website".
Meanwhile Twitter has promised that the loop hole that allowed the worm to do the damage has now been fixed although admits it is "still reviewing all the details, cleaning up, and remain[ing] on alert".
Twitter, clearly not happy by the damage that it could have caused, says they are prepared to file a lawsuit against Mooney.
"The worm introduced to Twitter this weekend was similar to the famous Samy worm which spread across the popular MySpace social-networking site a while back. At that time, MySpace filed a lawsuit against the virus creator which resulted in a felony charge and sentencing. Twitter takes security very seriously and we will be following up on all fronts", founder Biz Stone said on the company blog.
Twitter and Mooney both confirm, the worm is mostly harmless. No passwords or other sensitive information are stolen in the attack.
If you are infected, Twitter recommends the following five steps below to remove the worm from your account:
1. Go to www.twitter.com.
2. Log in to the infected account.
3. Go to "Settings" in the menu.
4. Under "Name", remove the text in the field (which has been edited by the worm).
5. Remove the text under "More info URL", which has also been edited by the worm.
When you've completed those five steps, the worm is no longer active on your profile but you can easily get re-infected.