News. Infosec Island. Slashdot (16) Help Net Security - Security World. The Register: Sci/Tech News for the World. Security Research Center - Network World. How the Tumblr worm spread so quickly. Although Tumblr is now cleaning-up pages which were affected by today's worm, SophosLabs was able to briefly explore how the infection spread.
It appears that the worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages. Each affected post had some malicious code embedded inside them: The Base 64 string was actually encoded JavaScript, hidden inside an iFrame that was invisible to the naked eye, that dragged content from a url.
Once decoded, the intention of the code becomes more clear. The first stop for security news.