Worm on Google’s Orkut Infects Users Rapaciously

A fast-spreading Portuguese worm hit Google's Orkut social networking site and infected numerous users. The affected users received an e-mail informing them that another Orkut user had sent them a Scrapbook entry on their profile.

Users were infected simply by viewing the profile page, and infected users were added to the Orkut group called "infectados pelo Virus do Orkut", meaning "infected by the Orkut virus", wrote Kee Hinckley, a blogger at the site TechnoSocial. PCWorld published this in its news on December 19, 2007.

The virus added malicious Flash-based JavaScript code to a user's profile and then e-mailed a note to all the addresses on the victim's contact list. Consequently, people who opened the e-mail were infected too.

The infection exploited a security hole created by a cross-site scripting (XSS) flaw in code designed by Google webmasters. XSS flaws allow hackers to inject malicious code by deceiving a browser into believing that the content sent is from a reliable website.

As is typical of an XSS-based attack, the virus was made less severe by applying the NoScript plugin. The plugin runs on Mozilla's Firefox browser and does not allow execution of JavaScript, Java, Flash, or any other risky code on unreliable websites.

The group seemed to have over 655,000 members, some of whom might have joined of their own will rather than being forced by the nasty worm. However, within a few hours, Google shut down the cross-site scripting vulnerability that allowed the attack.

The worm came to the notice of Orkut Plus, a website that provides security tips for Orkut users. The site is also a subject of discussion in Google's Orkut help group.

David Maynor, CTO of Errata Security, a security services company, said that such attacks were shifting the model and that it wouldn't be difficult for the Orkut worm's creators to steal a user's Orkut login credentials. The credentials are used for accessing Google Calendar accounts and mail, Google web searches and the recent Google Maps. The Register published this on December 19, 2007.

» SPAMfighter News - 04-01-2008
