CGISecurity Logo

Orkut XSS worm in the wild

According to ISC orkut has been striken with a persistant XSS
worm via the user profiles.

Will be updating this as new information breaks so stay tuned! So far no news at the orkut blog

UPDATE
A few news articles have started to pop up regarding this.

"Google's Orkut social networking site appeared to have been hit by a
relatively harmless worm, but one that demonstrated the continuing
vulnerability of Web applications.

Some Orkut users received an e-mail telling them they had been
sent a new scrapbook entry — a type of Orkut message — on their
profile from another Orkut user.

They only had to view their profile to become infected by the
worm, which added them to an Orkut group, "Infectados pelo Vírus do
Orkut," wrote the blogger Kee Hinckley on his site TechnoSocial.

The name of the group, in Portuguese, roughly translates to
"infected by the Orkut virus." Orkut is popular in Brazil, as well as
India, but has not caught on as well outside those countries compared
to MySpace and Facebook.

The description of the group reveals that the worm was
designed to show Orkut could be dangerous to users even if they do not
click on malicious links, Hinckley wrote. The worm apparently did not
try to steal any personal data.

The worm was also noted by Orkut Plus, a site that offers Orkut security tips, and discussedin Google's Orkut help group.

At one time the infected group was adding new members at a rate
of 100 per minute, and had reached a few hundred thousand members,
according to various postings, but the problem appears now to be fixed,
Hinckley wrote.

Orkut's scrapbook feature allows people post messages that
contain HTML code, but it may lack a filter to strip out malicious
JavaScript, Hinckley wrote." – PCWorld

A detailed writup of the form can be found at http://tkhere.blogspot.com/2007/12/orkut-under-cross-site-scripting-xss.html
Sourcecode is available at http://www.marrowbones.com/commons/technosocial/2007/12/orkut_worm_code_and_why_was_go.html#more

Original Code Link: http://lucky-six.blogspot.com/2007/12/orkut-xss-attack.html
Blog Link http://tkhere.blogspot.com/2007/12/orkut-under-cross-site-scripting-xss.html
DarkReading Article: http://www.darkreading.com/document.asp?doc_id=141761&WT.svl=news1_1
PCWorld Article: http://www.pcworld.com/article/id,140653-c,worms/article.html
ISC Link: http://isc.dshield.org/diary.html?storyid=3769