Hundreds of thousands of users infected by XSS worm hidden in messages from 'friends'
Over 655,000 served?
Google's Orkut social networking site was hit by a quick-spreading worm that managed to infect a large number of users when they viewed messages that came from friends who were already exposed.
Infected users became part of a community dubbed "Infectatos pelo Virus do Orkut," which loosely translates from Portuguese to mean "infected by the Orkut Virus." More than 655,000 members belonged to the group at the time of writing, although some people may have joined voluntarily rather than being forcibly corralled into it by the worm. Within hours, Google appears to have closed the cross-site scripting (XSS) error that made the attack possible.
As is so often the case with XSS-based attacks, the Orkut worm was mitigated by the use of the NoScript plugin. It runs on top of the Firefox browser and prevents the execution of Java, JavaScript, Flash and other potentially dangerous code on untrusted websites.