Worm Spreading Fast on Google’s Orkut Social Network


A new worm has hit Google’s Orkut and it seems to be hitting it pretty hard, it’s infected via the scrapbook feature and is adding hundreds of thousands of users, similar to the Myspace worm (Samy) that hit in October 2005.

It seems to be fairly unmalicious, more of a ‘look at me – see what I can do’ kind of thing. It’s certainly interested to see that social networking sites are beginning to be the focus of hackers, even if it’s not for money or stealing info..But more of a playground to test their skills.

A fast moving worm is squirming though Google’s Orkut social network, adding hundreds of thousands of users to an Orkut community created by a Brazilian hacker.

The worm, which first appeared on Dec. 19, has been spreading through Orkut’s Scrapbook system at a rapid pace, infecting more than 650,000 users in the space of a few hours.

According to an alert from anti-virus specialist Trend Micro, infection starts when an Orkut user is sent an e-mail telling them that they have a new Scrapbook entry.

I guess you can avoid it by not reading any scraps, or using something like NoScript – which would remove the danger of the JavaScript. But again it comes back to the same old thing, how many average users would even know what NoScript is?

Logging into Orkut, the victim is greeted with Portuguese-language text that reads: “2008 vem ai… que ele comece mto bem para vc.” This translates to “2008 is coming…I wish that it begins quite well for you”.

No interaction is necessary. Simply looking at the scrap starts the infection sequence,” says Trend Micro researcher Robert McArdle.

Once the scrap is viewed, it deletes itself and the victim is automatically added to the “Infectados pelo Vírus do Orkut” community.

Once a user becomes infected, the infected account downloads and executes an embedded Javascript that sends a copy of the original Scrapbook post to all the victim’s contacts.

But yes indeed, it shows the danger of allowing rich user content sanitizing it properly. Haven’t they learned their lessons from what happened at MySpace?

Source: eWeek

Posted in: Malware, Web Hacking

, , , , , ,


Latest Posts:


OWASP APICheck - HTTP API DevSecOps Toolset OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.
trident - Automated Password Spraying Tool trident – Automated Password Spraying Tool
The Trident project is an automated password spraying tool developed to be deployed on multiple cloud providers and provides advanced options around scheduling
tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.
Arcane - Tool To Backdoor iOS Packages (iPhone ARM) Arcane – Tool To Backdoor iOS Packages (iPhone ARM)
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.
Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.


5 Responses to Worm Spreading Fast on Google’s Orkut Social Network

  1. goodpeople December 21, 2007 at 10:45 am #

    Seems to me that this is a classic case of “released too early”. Hope the guys at Google do something about it fast..

  2. Nobody_Holme December 22, 2007 at 11:38 am #

    *shrug*

    anyway, merry christmas everyone, i’m off home until the new year, i think.

  3. Orkut_Virus December 30, 2007 at 2:17 pm #

    Theres another kind of orkut virus, here is the screen shots with description:

    http://www.megaleecher.net/Orkut_Auto_Scrap_Virus

    Since all info is pulled from DB’s, I suggest orkut should have some system to automatically disable all msg’s of a particular kind if found illegit.

  4. eM3rC January 6, 2008 at 10:29 pm #

    Poor google, first this then the adsense trojan.

    It seems like hackers are getting into more and more big companies (google being one of the biggest) and using it to wreak chaos.

  5. Jinesh Doshi May 23, 2008 at 7:44 am #

    Thanks for the warning. Now i wont click any such link.