Orkut XSS worm in the wild

Posted 12/19/07 by Robert from the I got worms department

According to ISC orkut has been striken with a persistant XSS worm via the user profiles.

Will be updating this as new information breaks so stay tuned! So far no news at the orkut blog

UPDATE
A few news articles have started to pop up regarding this.

"Google's Orkut social networking site appeared to have been hit by a relatively harmless worm, but one that demonstrated the continuing vulnerability of Web applications.

Some Orkut users received an e-mail telling them they had been sent a new scrapbook entry -- a type of Orkut message -- on their profile from another Orkut user.

They only had to view their profile to become infected by the worm, which added them to an Orkut group, "Infectados pelo V�rus do Orkut," wrote the blogger Kee Hinckley on his site TechnoSocial.

The name of the group, in Portuguese, roughly translates to "infected by the Orkut virus." Orkut is popular in Brazil, as well as India, but has not caught on as well outside those countries compared to MySpace and Facebook.

The description of the group reveals that the worm was designed to show Orkut could be dangerous to users even if they do not click on malicious links, Hinckley wrote. The worm apparently did not try to steal any personal data.

The worm was also noted by Orkut Plus, a site that offers Orkut security tips, and discussedin Google's Orkut help group.

At one time the infected group was adding new members at a rate of 100 per minute, and had reached a few hundred thousand members, according to various postings, but the problem appears now to be fixed, Hinckley wrote.

Orkut's scrapbook feature allows people post messages that contain HTML code, but it may lack a filter to strip out malicious JavaScript, Hinckley wrote." - PCWorld

A detailed writup of the form can be found at http://tkhere.blogspot.com/2007/12/orkut-under-cross-site-scripting-xss.html
Sourcecode is available at http://www.marrowbones.com/commons/technosocial/2007/12/orkut_worm_code_and_why_was_go.html#more

Original Code Link: http://lucky-six.blogspot.com/2007/12/orkut-xss-attack.html
Blog Link http://tkhere.blogspot.com/2007/12/orkut-under-cross-site-scripting-xss.html
DarkReading Article: http://www.darkreading.com/document.asp?doc_id=141761&WT.svl=news1_1
PCWorld Article: http://www.pcworld.com/article/id,140653-c,worms/article.html
ISC Link: http://isc.dshield.org/diary.html?storyid=3769
Link to this Story: Orkut XSS worm in the wild
Link: Have a Site Suggestion, Material Request, or News? Submit it!
News RSS Feed: Web Security news RSS Feed

Discuss this article Find Related Stories