Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

isn logo Information Security News mailing list archives

Worm Squirms Through Google's Orkut
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 20 Dec 2007 00:21:43 -0600 (CST)
http://www.eweek.com/article2/0,1895,2237733,00.asp

By Ryan Naraine
eWEEK.com
December 19, 2007

Google's social network is hit by a fast moving worm that is attacking 
members of a Portuguese-language community.

A fast moving worm is squirming though Google's Orkut social network, 
adding hundreds of thousands of users to an Orkut community created by a 
Brazilian hacker.

The worm, which first appeared on Dec. 19, has been spreading through 
Orkut's Scrapbook system at a rapid pace, infecting more than 650,000 
users in the space of a few hours.

According to an alert from anti-virus specialist Trend Micro, infection 
starts when an Orkut user is sent an e-mail telling them that they have 
a new Scrapbook entry.

Logging into Orkut, the victim is greeted with Portuguese-language text 
that reads: "2008 vem ai que ele comece mto bem para vc." This 
translates to "2008 is comingI wish that it begins quite well for you".

No interaction is necessary. Simply looking at the scrap starts the 
infection sequence," says Trend Micro researcher Robert McArdle.

Once the scrap is viewed, it deletes itself and the victim is 
automatically added to the "Infectados pelo Vrus do Orkut" community.

Once a user becomes infected, the infected account downloads and 
executes an embedded Javascript that sends a copy of the original 
Scrapbook post to all the victim's contacts.

According to McAfee researcher Vinay Mahadik, the worm is abusing the 
ability to add JavaScript content to Orkut Scrapbook entries, a feature 
that was only recently introduced by Google.

"This clearly illustrates the issue with allowing rich-content on 
social/professional networking sites, and not sanitizing it enough," 
Mahadik said in an entry on the McAfee Avert Labs blog.

This is the second major worm attack to take aim at a popular social 
network. In October 2005, the Samy worm used cross-site scripting 
techniques to spread through MySpace, infecting more than a million 
users in less than a day.


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/

  By Date           By Thread  

Current thread:
  • Worm Squirms Through Google's Orkut InfoSec News (Dec 19)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]