Worm Eats Into Orkut
Security researchers report that Google’s Orkut was the target of what appeared to be a relatively benign worm that experts say illustrates the ability of hackers to drop code into social-media sites.
Orkut has millions of registered users, some 700,000 of whom were affected by the worm over a period of 24 hours.
The exploit was contained in a JavaScript file, aptly named “virus.js.” When Orkut users received e-mail about a new scrapbook entry and clicked through to the site, the browser downloaded and executed the embedded virus.js file automatically — without the need for any user intervention.
Sanitizing Rich Media
The malware seemed to do at least two things — send messages to friends to perpetuate itself and add the infected account to an Orkut community “Infectados pelo Vírus do Orkut,” which was created by the script author, according to McAfee.
“This clearly illustrates the issue with allowing rich content on social/professional networking sites, and not sanitizing it enough,” said Vinay Mahadik, a member of the McAfee Avert Labs team. “The ability to add Flash/JavaScript content to Orkut scraps was only recently introduced.”
Google did not return calls seeking comment, but apparently the company has remedied the problem. As of Thursday, Symantec reported, the virus.js script is no longer available on the site and it seems as if there have been adequate checks implemented by Orkut to validate content when posting a scrapbook entry.
Social Worms Rising
“Worms in social networks are certainly not a new concept. We’ve seen it in the past,” said Oliver Friedrichs, director of Symantec’s Security Response. Friedrichs noted that MySpace was affected by a worm early last year that allowed an attacker to add over one million people to the author’s profile.
Worms are becoming increasingly popular across social-network sites, he said. The good news is that these types of worms are not typically malicious, he explained, while the bad news is that users can’t do much to protect themselves other than stay off of social networks altogether.
“This is a little more difficult to protect against in that the social-networking site itself needs to take steps to prevent this,” Friedrichs said. “This is generally a shortcoming on the site itself rather than what consumers can do.”
Jennifer LeClaire is a writer for NewsFactor.com
Compliments of NewsFactor.com

