Worm Squirms Through Google's Orkut

Google's social network is hit by a fast moving worm that is attacking members of a Portuguese-language community.

A fast moving worm is squirming though Google's Orkut social network, adding hundreds of thousands of users to an Orkut community created by a Brazilian hacker.

The worm, which first appeared on Dec. 19, has been spreading through Orkut's Scrapbook system at a rapid pace, infecting more than 650,000 users in the space of a few hours.

According to an alert from anti-virus specialist Trend Micro, infection starts when an Orkut user is sent an e-mail telling them that they have a new Scrapbook entry.

Logging into Orkut, the victim is greeted with Portuguese-language text that reads: "2008 vem ai... que ele comece mto bem para vc." This translates to "2008 is coming...I wish that it begins quite well for you".

No interaction is necessary. Simply looking at the scrap starts the infection sequence," says Trend Micro researcher Robert McArdle.

Click here to read about a worm attack that struck MySpace in July 2007.

Once the scrap is viewed, it deletes itself and the victim is automatically added to the "Infectados pelo V??írus do Orkut" community.

Once a user becomes infected, the infected account downloads and executes an embedded Javascript that sends a copy of the original Scrapbook post to all the victim's contacts.

According to McAfee researcher Vinay Mahadik, the worm is abusing the ability to add JavaScript content to Orkut Scrapbook entries, a feature that was only recently introduced by Google.

"This clearly illustrates the issue with allowing rich-content on social/professional networking sites, and not sanitizing it enough," Mahadik said in an entry on the McAfee Avert Labs blog.

This is the second major worm attack to take aim at a popular social network. In October 2005, the Samy worm used cross-site scripting techniques to spread through MySpace, infecting more than a million users in less than a day.

Check out eWEEK.com's Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraine's Security Watch blog.