In association with heise online

21 December 2007, 13:47

JavaScript worm wriggles its way through Orkut social networking page

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Numerous users of Google's Orkut "social network" are reported to have fallen victim to a worm. Symantec estimates that the worm infected almost 700,000 user profiles in 24 hours. According to analyses by Symantec and McAfee, the worm was distributed through Orkut scrap books, also known as guest books, into which it injects HTML code which subsequently loads specially crafted JavaScript code (virus.js) from an external page.

The worm appears to have used emails to persuade users to open infected scrap books. Once opened it executed itself in the user's browser and injected itself into the user's scrap book or profile. In addition, it added the affected user to the community called "Infectados pelo Vírus do Orkut", which is Portuguese for "infected by Orkut virus". Symantec reports that although the worm generated Flash objects via JavaScript it didn't appear to exploit any of the recently documented Flash Player vulnerabilities. According to the report, the objects were instead used to load and execute malicious code without user interaction. The ability to add JavaScript and Flash content to scrap books was only implemented recently.

Users' PCs were not affected by the Orkut worm: the problem was restricted to the Orkut pages. The virulent virus.js script has since been taken off the net, and scrap books are also said to be free of the malicious code. In addition, Orkut is said to have set up filters which scrutinise content added to scrap books more thoroughly. But the incident is another example for the enormous speed with which malware can spread through social networking pages if users are allowed to add almost any content to their profiles. A similar problem occurred, for example, in MySpace last year, where simply watching an injected malicious Quicktime video was enough to infect the user's profile. MySpace was also almost completely shut down by an XSS worm in late 2005.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit