News

• Comment
• Print Article
• Email
• Permalink

Worm Eats Into Orkut

Written on

December 27th 2007

Author

by Alternative Media  |

Feed

   XML Feed

Security researchers report that Google’s Orkut was the target of what appeared to be a relatively benign worm that experts say illustrates the ability of hackers to drop code into social-media sites.

Orkut has millions of registered users, some 700,000 of which were affected by the worm over a period of 24 hours.

The exploit was contained in a JavaScript file, aptly named “virus.js.” When Orkut users received e-mail about a new scrapbook entry and clicked through to the site, the browser downloaded and executed the embedded virus.js file automatically — without the need for any user intervention.

Sanitizing Rich Media

The malware seemed to do at least two things — send messages to friends to perpetuate itself and add the infected account to an Orkut community “Infectados pelo Vírus do Orkut,” which was created by the script author, according to McAfee.

“This clearly illustrates the issue with allowing rich content on social/professional networking sites, and not sanitizing it enough,” said Vinay Mahadik, a member of the McAfee Avert Labs team. “The ability to add Flash/JavaScript content to Orkut scraps was only recently introduced.”

Google did not return calls seeking comment, but apparently the company has remedied the problem. As of Thursday, Symantec reported, the virus.js script is no longer available on the site and it seems as if there have been adequate checks implemented by Orkut to validate content when posting a scrapbook entry.

Social Worms Rising

“Worms in social networks are certainly not a new concept. We’ve seen it in the past,” said Oliver Friedrichs, director of Symantec’s Security Response. Friedrichs noted that MySpace was affected by a worm early last year that allowed an attacker to add over one million people to the author’s profile.

Worms are becoming increasingly popular across social-network sites, he said. The good news is that these types of worms are not typically malicious, he explained, while the bad news is that users can’t do much to protect themselves other than stay off of social networks altogether.

“This is a little more difficult to protect against in that the social-networking site itself needs to take steps to prevent this,” Friedrichs said. “This is generally a shortcoming on the site itself rather than what consumers can do.”

Jennifer LeClaire is a writer for NewsFactor.com

Compliments of NewsFactor.com

No Tags

• Comment
• Print Article
• Email
• Permalink

Article Sponsor

More News

• Readers weigh in on ATT, ad networks and the iPhone
• Hiring, promotions, location, partnerships and product news
• OPA large ad units unfurl across the web
• Email spam in June worst since 2007
• Joost becomes YouTube roadkill, starts layoffs

Features

• Automakers Need to Become Better Conversationalists July 2nd 2009
• Affiliates can win in the media buy game July 2nd 2009
• Crowd-Sourced Ads: A Measured Response June 28th 2009
• Is the government coming for you? June 28th 2009
• Customer Loyalty: How to Earn It June 25th 2009

Features Archive

Latest News

• Readers weigh in on ATT, ad networks and the iPhone July 2nd 2009 ADOTAS — In our weekly poll, readers overwhelmingly said that [...] more »
• Hiring, promotions, location, partnerships and product news July 2nd 2009 ADOTAS — Internet Oldtimers Foundation, Jumptap, eXelate, Kampyle, The Digital [...] more »
• OPA large ad units unfurl across the web July 1st 2009 ADOTAS — The Online Publishers Association said a group of [...] more »
• Email spam in June worst since 2007 July 1st 2009 ADOTAS — MessageLabs Intelligence released its numbers for June, and [...] more »
• Joost becomes YouTube roadkill, starts layoffs July 1st 2009 ADOTAS — Despite reworking its technology to work in a [...] more »
• Ad networks, not websites, choked on Michael Jackson news July 1st 2009 ADOTAS — The news of the pop star’s death saw [...] more »
• StrongMail doubling down on social media, buys PopularMedia July 1st 2009 ADOTAS — StrongMail has announced that it acquired PopularMedia, a [...] more »

News Archive

• Does the iPhone need to divorce ATT?

  • yes
  • no
  • no, the iPhone just needs multiple partners.

  View Results

   Loading ...

Polls Archive

Spotlight

Trust Me – I’m a Professional … SEOADOTAS — At WebMetro we typically provide SEO Action Plans as part of campaigns. As the name implies, an SEO [...] more...

Reader Favorites

Layoff Tracker

• AOL - 700
• Apple - 50
• Clear Channel - 2,800 total (1,000 currently)
• Google - 340
• IBM - more than 7,800
• Joost - about 90
• MySpace - in June, about 720
• World Avenue - 30 percent of workforce
• Yahoo - 2,220 total, about 700 currently
• Zango - closes, about 90, in addition to earlier layoffs

Classifieds

• Sr. Online Media Buyer
• Media Buyer
• Affiliate Manager
• Account Supervisor
• Social Media Specialist

Recent Comments

• Josette Davids: Great article and an amazing time was had by all at this event. I'm an
• Mike Poserina: There is also a tragic flaw rumored in Bing's ad placement engine. When resolved,
• Andy: Erin, Never mind the commenters who can only see the negative side of things. I thank you
• pkohler: We've also noticed that ads frequently adversely affects the performance of a Web page. As