Orkut worm hits 700,000 users

Infection thrives on Google social network

A fast-moving worm has infected more than 700,000 users on Google's Orkut social network in just 24 hours.

The Portuguese language attack exploited a vulnerability in Orkut's scrapbook feature to post malicious JavaScript code on a user's page.

On viewing the scrapbook post, the code performed the exploit and downloaded a .js file to the user's machine.

The worm then took control of the user's account, sending out copies of itself to all of the user's friends and joining a group called 'Infectados pelo Vírus do Orkut', which translates as 'Infected by Orkut virus'.

The worm does not appear to download any other malicious programs. Security experts said yesterday that the malicious code has been removed from users' pages and the worm has been taken offline.

Symantec researcher Umesh Wanve said that, although the attack was largely benevolent, it is worrisome because it was launched simply by loading the user's Orkut profile.

"This worm illustrates how a simple script injection exploit could affect a large social networking site," wrote Wanve.

"This worm could have been used for other malicious purposes, such as stealing cookies, exploiting other vulnerabilities or stealing sensitive data."

McAfee researcher Vinay Mahadik expressed similar concerns. "This clearly illustrates the issue with allowing rich content on social/professional networking sites, and not sanitising it enough," he wrote.

"The ability to add Flash/JavaScript content to Orkut scraps was only recently introduced."
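As an added example (not code from the article, Symantec, McAfee or Orkut), the kind of allowlist filter Mahadik's "not sanitising it enough" points at: user-supplied scrap markup keeps harmless formatting while script, object/embed, event-handler attributes and javascript: URLs are dropped. The tag set, function names and sample scrap are assumptions constructed for the demonstration.

```javascript
// Allowlist sanitiser for user-supplied "scrap" markup (constructed example;
// tag set and names are assumptions, not Orkut's real filter).
// Principle: nothing reaches the output raw; only known-safe tags/attributes survive.
const ALLOWED_TAGS = { b: [], i: [], u: [], br: [], a: ["href"], img: ["src", "alt"] };
const SAFE_URL = /^(https?:)?\/\//i; // rejects javascript:, data:, vbscript: schemes

function escapeText(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;")
          .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

function sanitizeScrap(html) {
  const out = [];
  // Tokenise into tags, text runs, and stray "<" characters.
  const tokenRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)([^>]*)>|[^<]+|</g;
  for (const m of html.matchAll(tokenRe)) {
    const [token, name, attrs] = m;
    if (name === undefined) { out.push(escapeText(token)); continue; } // text or stray "<"
    const tag = name.toLowerCase();
    if (!(tag in ALLOWED_TAGS)) continue;            // <script>, <object>, <embed>, ... removed
    if (token.startsWith("</")) { out.push(`</${tag}>`); continue; }
    const kept = [];
    const attrRe = /([a-zA-Z-]+)\s*=\s*("([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
    for (const a of attrs.matchAll(attrRe)) {
      const attr = a[1].toLowerCase();
      const value = a[3] ?? a[4] ?? a[5] ?? "";
      if (!ALLOWED_TAGS[tag].includes(attr)) continue;   // drops onerror=, onload=, style=, ...
      if ((attr === "href" || attr === "src") && !SAFE_URL.test(value.trim())) continue;
      kept.push(` ${attr}="${escapeText(value)}"`);   // re-quoted, so no attribute breakout
    }
    out.push(`<${tag}${kept.join("")}>`);
  }
  return out.join("");
}

// Constructed sample scrap mixing formatting with active content.
const SAMPLE_SCRAP = '<b>oi</b><script>alert(1)</script>' +
  '<img src="x" onerror="alert(1)"><a href="javascript:alert(1)">link</a>';
console.log(sanitizeScrap(SAMPLE_SCRAP)); // → <b>oi</b>alert(1)<img><a>link</a>
```

A regex tokeniser is enough to show the allowlist principle; a production filter should use a maintained HTML sanitiser that parses markup the same way the browser does.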