How the Tumblr Worm Spread So Quickly ⇥ nakedsecurity.sophos.com
Graham Cluley for Sophos’ Naked Security blog:
If you were not logged into Tumblr when your browser visited the url, it would simply redirect you to the standard login page. However, if your computer was logged into Tumblr, it would result in the GNAA content being reblogged on your own Tumblr.
Very simple, and very clever. The hackers say they warned Tumblr weeks ago about this vulnerability.