Biting the hand that feeds IT
Biting the hand that feeds IT
|
|
Original URL: http://www.theregister.co.uk/2008/02/29/orkut_worm_reloaded/
Malware authors have written a worm for Orkut, Google-owned networking site that's big in Brazil.
The Scrapkut worm uses active code injection to spread between victims and their friends on Orkut. The malicious code appears on a victim’s scrapbook, containing a link to a supposed YouTube video.
People who click on the link are redirected to an external site hosting malware that's disguised as a Flash upgrade. Users duped into installing the software get malicious Javascript code injected into their next active Orkut web session. This malicious scrapbook entry is then sent to all the victims' friends, recommencing the infection cycle.
An analysis by Symantec can be found here (http://www.symantec.com/enterprise/security_response/weblog/2008/02/the_orkut_worm_digging_deeper.html).
Judging by the counter on a web page associated with the malware (not the most reliable of indicators) about 13,000 users are already infected by the Scrapkut worm, which isn't - for now - doing anything particularly nasty other than spreading.
By contrast an earlier worm (http://www.theregister.co.uk/2007/12/19/worm_hits_orkut) that spread across the Orkut network last December infected an estimated 655,000 people. Google plugged the cross-site scripting (XSS) error that made the attack possible hours later, thwarting tfurther propagation of that fast-spreading worm. ®
Royal Bank of Scotland takes three weeks to squash nasty Worldpay bug (20 May 2008)
http://www.channelregister.co.uk/2008/05/20/rbs_closes_security_hole/
McAfee 'Hacker Safe' cert sheds more cred (29 April 2008)
http://www.theregister.co.uk/2008/04/29/mcafee_hacker_safe_sites_vulnerable/
Google to open suspect Orkut albums to Brazil police (12 April 2008)
http://www.theregister.co.uk/2008/04/12/google_brazil_pledge/
Image uploader bug blights MySpace (1 February 2008)
http://www.theregister.co.uk/2008/02/01/myspace_image_uploader_bug/
Poisoned MySpace page masquerades as Windows Update (12 January 2008)
http://www.theregister.co.uk/2008/01/12/poisoned_myspace_page/
Contest seeks the most diminutive XSS worm (5 January 2008)
http://www.channelregister.co.uk/2008/01/05/worm_replication_contest/
Portuguese-speaking worm attacks Google Orkut users (19 December 2007)
http://www.theregister.co.uk/2007/12/19/worm_hits_orkut/
How to expose Gmail contacts without really trying (27 September 2007)
http://www.theregister.co.uk/2007/09/27/google_bug_onslaught_continues/
Worms 2.0! (27 June 2007)
http://www.theregister.co.uk/2007/06/27/wade_alcorn_metasploit_interview/
YouTube 'riddled with 40-plus security vulnerabilities' (20 June 2007)
http://www.theregister.co.uk/2007/06/20/youtube_security_ultimatum/
Yahoo! fixes bug that gave free rein to user accounts (15 June 2007)
http://www.theregister.co.uk/2007/06/15/yahoo_xss_error/
Google security vulnerabilties stack up (3 June 2007)
http://www.theregister.co.uk/2007/06/03/google_vulns_stack_up/
MySpace-hosted malware exploits QuickTime flaw (16 March 2007)
http://www.theregister.co.uk/2007/03/16/myspace_quicktime_exploit/
Web 2.0 worm downs MySpace (17 October 2005)
http://www.theregister.co.uk/2005/10/17/web20_worm_knocks_out_myspaces/
© Copyright 2008
