Orkut scrap worm on rampage-How safe is Orkut

Posted on January 7, 2008 by Inderjeet

Orkut (google) is considered to be a safe social networking site, but a few days back a worm first of its kind has hit orkut.This worm named virus.js has popped-up a question about how safe these social networks are and how can safety be maintained without effecting the openness of these social networks.

Virus.js worm outbreak has hit users of Google’s Orkut network, with 700,000 users becoming infected in the first 24 hours. This outbreak has many similarities with the ‘Samy’ worm on MySpace in 2005. It propagates by sending messages to everyone on the ‘friends’ list of each newly infected user. It demonstrates the power of so-called cross-site scripting attacks (XSS) and runs by appending a malicious piece of JavaScript to the user’s profile. It exploits a loophole in the Google webmaster’s design. The relatively harmless worm appears to use JavaScript and Flash code to create new scrapbook entries on profiles with a New Year’s message in Portuguese before propagating to the victim’s friends.This virus has mainly harmed users of Brazil and Portugal. Luckily it has not hit Indian profile yet.

User doesnot have to click any link for execution,it starts works automatically when the scrapbook-page loads and prompts user to join the community named in portugese as

“Infectados pelo Vírus do Orkut” means “Infected by Virus Orkut.”

It has not caused much harm to users but has spammed orkut heavily.

This is not the first attack on Orkut’s users; there was a phishing attack in June 2006 which was mainly aimed at Brazilian users. However, that used more conventional attachment-based malware to propagate. As of today, the virus.js script is no longer available on the site and it seems as if there have been adequate checks implemented by Orkut to validate content when posting a scrap. The malicious scraps have also been deleted from the scrapbook of the infected users.

Google needs to impose proper checks on the content being posted on Orkut by using filters and scanning attachments.Privacy in social networking should be increased for its bright future.

Popularity: 3% [?]

About Inderjeet

Inderjeet Singh is the founder and main author of Tech2view.com and writes about Technology, SEO, Social Media, Ways to Make Money Online and Security on Internet. Apart from blogger, he is a professional SEO and deals in onpage/offpage optimization aspects of small business websites and blogs. You can catch him at http://twitter.com/singhinder
This entry was posted in Orkut, Social Media. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>