Arbor Networks: Security to the Core

Overnight I got a handful of “Person X has written you a scrapbook entry” mails from Orkut, Google’s social network. Not just spams claiming to be from Orkut, and not a Phishing attack. I got suspicious, this sort of thing suggested a malware attack on Orkut (a’la the Samy XSS worm on MySpace). But, it was the middle of the night so I went to sleep. But other people had a quick look, so hats off to them.

The worm was driven by an XSS attack on Orkut, gaping holes in script insertion, and well connected users. All in all abou 400,000 users were reportedly affected.

Google reports that the hole has been closed and profiles fixed.

More information, including code dissection:

• Orkut XSS on the Sounds From The Dungeon blog
• More on Orkut worm from Ryan Russell (see his previous post, too).
• Orkut/Google worms Compromise over 400,000 accounts from the folks at Trend Micro.

This entry was posted on Wednesday, December 19th, 2007 at 12:01 pm and is filed under Exploit Code, Worms. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.