Worm Eats Into Orkut
Security researchers report that Google’s Orkut was the target of what appeared to be a relatively benign worm that experts say illustrates the ability of hackers to drop code into social-media sites.
Orkut has millions of registered users, some 700,000 of which were affected by the worm over a period of 24 hours.
The exploit was contained in a JavaScript file, aptly named “virus.js.” When Orkut users received e-mail about a new scrapbook entry and clicked through to the site, the browser downloaded and executed the embedded virus.js file automatically — without the need for any user intervention.
Sanitizing Rich Media
The malware seemed to do at least two things — send messages to friends to perpetuate itself and add the infected account to an Orkut community “Infectados pelo Vírus do Orkut,” which was created by the script author, according to McAfee.
“This clearly illustrates the issue with allowing rich content on social/professional networking sites, and not sanitizing it enough,” said Vinay Mahadik, a member of the McAfee Avert Labs team. “The ability to add Flash/JavaScript content to Orkut scraps was only recently introduced.”
Google did not return calls seeking comment, but apparently the company has remedied the problem. As of Thursday, Symantec reported, the virus.js script is no longer available on the site and it seems as if there have been adequate checks implemented by Orkut to validate content when posting a scrapbook entry.
Social Worms Rising
“Worms in social networks are certainly not a new concept. We’ve seen it in the past,” said Oliver Friedrichs, director of Symantec’s Security Response. Friedrichs noted that MySpace was affected by a worm early last year that allowed an attacker to add over one million people to the author’s profile.
Worms are becoming increasingly popular across social-network sites, he said. The good news is that these types of worms are not typically malicious, he explained, while the bad news is that users can’t do much to protect themselves other than stay off of social networks altogether.
“This is a little more difficult to protect against in that the social-networking site itself needs to take steps to prevent this,” Friedrichs said. “This is generally a shortcoming on the site itself rather than what consumers can do.”
Jennifer LeClaire is a writer for NewsFactor.com
Compliments of NewsFactor.com
Article Sponsor
More News
Reader Comments.
No comments yet
Leave a Comment
Features
- With Ads, Pretty Is as Pretty Does November 21st 2008
- Holiday Hootenanny: Win the Ad WAR November 20th 2008
- When Boomers, Gen Y Collide November 20th 2008
- How Google Is Jeopardizing Search Biz November 19th 2008
- Click Fraud To Shape Ad Decisions in 2009 November 18th 2008
Latest News
- Goodmail Reels in $20M November 21st 2008
- Yahoo Sells Off Shopping Site at Discount November 21st 2008
- Paper-Loving Paramount Goes Digi November 21st 2008
- Google Personalizes Search Results November 21st 2008
- Verizon Staff Hacked Into Old Obama Account November 21st 2008
- IAB: Q3 Raked in $5.9B November 21st 2008
- Ad Spend Forecast Down Overall, Online Safe for Now November 20th 2008
- Will Bandwidth Limits Kill the Video Ad? November 20th 2008
Spotlight
Turn VP: Ad Network Shakeout “Inevitable”ADOTAS EXCLUSIVE – Turn bills itself as the world’s first Smart Market for online advertising. Turn’s VP of product and [...] more...
Reader Favorites
Classifieds
Most Commented
- Targeting Is the Ad Network "Killer App" (7)
- Study: Blogs Beat Social Networks on Purchase Influence (5)
- Vengence is Mine Saith Ballmer (4)
- Marketing Secrets of an Online “Lurker” (3)
- Self-Serve Ad Exchange: This Century's Strowger Switch? (3)
- Federal Bailout Proposed for Online Ad Industry (3)
- What Obama's Win Means for Advertisers (3)
- The Coming eRevolution in Online Marketing (2)
