Tumblr virus. Don’t click tantalizing emo thread.

[Update February 29, 2012. There is/was another, similar Tumblr virus today. You may be searching for info about it. Screenshot here.]

[ Update: 1:25 PM Pacfic. Tumblr confirms that no account credentials were compromised]

[ Update: 10:26 AM Pacific: All-clear from Tumblr. It is safe to enter the Dashboard chamber. ]

[ Update: 9:10 AM Pacific. While no all-clear has been given by Tumblr (watch their Twitter, which gets updated more frequently than their blog during infrastructure issues), the virus “danger zone” has probably passed, and we can crawl out of our holes now. At around 8:30 AM Pacific, Tumblr appeared to have put all of Tumblr in read-only mode to “stop the bleeding.” Then at around 8:55 AM Pacific, we were able to create/edit/reblog posts again. This suggests to me that Tumblr thinks things are under control. Again, I am not a doctor/no official statement from Tumblr. But… context clues, people.]

Many, many people are seeing the post below in their dashboard. [update: it can get you when viewing on the web as well.] Do not click anything. Even attempting to close the tab will get you modal that will repost it to your feed, regardless of the button you click (yep, no auth, no phishing… impressive!).

(The video thumbnail is tempting to click. But it’s not real. It will get you. RESIST.)

It also threatens that if you delete the post, your account gets deleted. With a test account, I have not experienced this. In other words, I’d go ahead and delete the post. (I am not a doctor, don’t work for Tumblr, etc)

Don’t link to anybody else’s hacked page. If you’re not logged in to Tumblr, it’s somewhat safe to gawk at. But most people probably are logged in to Tumblr, and even attempting to close a hacked tab will likely result in the virus spreading (really).

it’s probably a good idea to just stay away from your Dashboard for a bit, and be careful what you click today out on the web/from Twitter/Facebook.

If you have a an open tab to a hacked page and don’t know what to do, you can kill that tab as a way to safely detonate, or kill/crash your browser from your operating system (any click inside anywhere in your browser will bring up the hacked modal).