Worm Squirms Through Google's Orkut

Worm Squirms Through Google's Orkut
Worm Squirms Through Google's Orkut,1895,2237733,00.asp 

By Ryan Naraine
December 19, 2007

Google's social network is hit by a fast moving worm that is attacking 
members of a Portuguese-language community.

A fast moving worm is squirming though Google's Orkut social network, 
adding hundreds of thousands of users to an Orkut community created by a 
Brazilian hacker.

The worm, which first appeared on Dec. 19, has been spreading through 
Orkut's Scrapbook system at a rapid pace, infecting more than 650,000 
users in the space of a few hours.

According to an alert from anti-virus specialist Trend Micro, infection 
starts when an Orkut user is sent an e-mail telling them that they have 
a new Scrapbook entry.

Logging into Orkut, the victim is greeted with Portuguese-language text 
that reads: "2008 vem ai que ele comece mto bem para vc." This 
translates to "2008 is comingI wish that it begins quite well for you".

No interaction is necessary. Simply looking at the scrap starts the 
infection sequence," says Trend Micro researcher Robert McArdle.

Once the scrap is viewed, it deletes itself and the victim is 
automatically added to the "Infectados pelo Vrus do Orkut" community.

Once a user becomes infected, the infected account downloads and 
executes an embedded Javascript that sends a copy of the original 
Scrapbook post to all the victim's contacts.

According to McAfee researcher Vinay Mahadik, the worm is abusing the 
ability to add JavaScript content to Orkut Scrapbook entries, a feature 
that was only recently introduced by Google.

"This clearly illustrates the issue with allowing rich-content on 
social/professional networking sites, and not sanitizing it enough," 
Mahadik said in an entry on the McAfee Avert Labs blog.

This is the second major worm attack to take aim at a popular social 
network. In October 2005, the Samy worm used cross-site scripting 
techniques to spread through MySpace, infecting more than a million 
users in less than a day.

Visit InfoSec News 

Site design & layout copyright © 1986-2014 CodeGods