Worm Hits Google’s Orkut, infecting Hundreds of Thousands of Users
Popular social networking site Orkut has apparently been struck by a comparatively harmless worm. All the same it does display the ongoing vulnerability of web applications.
Google’s Orkut includes an optional setting wherein users can get their latest scrapbook entry, friend request etc notifications on a specified e-mail address. With the latest worm rounds what happened is that some users of Orkut received an e-mail notifying them that about a new scrapbook entry made to their Orkut account. The worm is apparently using JavaScript and Flash code to create new scrapbook entries on profiles with a New Year’s message in Portuguese before spreading to the victim’s friends.
And once the user views his or her profile, the account immediately gets affected by the worm. This makes you a member of an Orkut group called “Infectados pelo Vírus do Orkut,” wrote the blogger Kee Hinckley on his site TechnoSocial.
In Portuguese, “Infectados pelo Vírus do Orkut” literally means “infected by the Orkut virus.”
As per Hinckley, at one point of time, the infected group was adding as many as 100 new members per minute, and had reached the mark of a few thousand members, but the issue was controlled in time.
“It does not appear at first glance that the worm does anything more dangerous than pass itself on to one or more of your friends,” he wrote. “I think it unlikely that it would be able to steal your password, although it could potentially access other private information.”
Orkut Plus, an Orkut security tips site and Orkut’s help group also had discussions in the topic of the “worm”.
As Kee correctly wrote “There’s no need to click on anything, just viewing it does the trick.” Well for sure, in this case we just can’t say that we should wait and WATCH!
RSS |
Permanent Link
|
Del.icio.us
|
Cosmos
|
Digg
|
|
December 20th, 2007 at 12:45 pm
all things r working but not orkut. yy