Right at this very moment, a cross-site script has been spreading like wildfire in Orkut communities due to a flaw in Google's Orkut.
If you've read the following scrapbook entry in Orkut
2008 vem ai... que ele comece mto bem para vc
from one of your friends, you're infected. Simply viewing the message alone is sufficient for your Orkut account to be added a new community named "Infectados pelo Vírus do Orkut" and be an unwilling new host for the worm. At the time of this writing, the number of Orkut members in Infectados pelo Vírus do Orkut is already at the 400K mark.
According to a posting made by the author of this worm, Rodrigo Lacerda, this script is not malicious in any way, well except for making you an unwitting participant of his experiment. You can verify this for yourself as someone has posted the decoded javascript source of the script at http://paste.uni.cc/17840. The original is located at http://files.myopera.com/virusdoorkut/files/virus.js. Still, changing your password isn't terribly difficult.
From what I can grasp from scanning through the script, it appears to work this way. First, it'll add you to http://www.orkut.com/CommunityJoin.aspx?cmm=44001818. Next, it'll load and extract your entire friends list and send itself to them, thus completing the infection cycle. It is able to do this because of the fact that Orkut allows HTML to be inserted into scraps.
Apparently "2008 vem ai... que ele comece mto bem para vc" is roughly translated into 2008 is coming... that it begins is really good for you. It doesn't seem to look that way for Orkut engineers.
Edit: Btw, the excessive traffic generated by this script is partly due to the fact that it will continually attempt to contact Orkut's servers if it fails to do what it wants on the first try (force you into the above-mentioned community and load your friend's list).
Update: The original script location now returns an empty file. That should prevent any new infections from now on. Note that while many folks think that the flash file is somehow malicious, I'm quite sure that it isn't because http://www.orkut.com/LoL.aspx (source of the flash) doesn't even exist!
The embed code is simply the vector through which the malicious script is loaded. This is because it is crafted in such a way that your browser will parse and execute the javascript contained in the embed code. Hence the best way to mitigate this would be to use the NoScript extension rather than FlashBlock, since javascript is the real culprit here.
Btw, you should thank Rodrigo Lacerda for highlighting this vulnerability in such a manner.
Sources:
[Google's Orkut Hit with a Javascript (Flash?) Worm @ TechnoSocial]
[Orkut XSS @ Sounds From The Dungeon]
42 people had something to say! Why don't you join in? The more the merrier!
Oh my goodness! Impressive article dude! Thank you, However I am having issues with
your RSS. I don't understand the reason why I cannot join it. Is there anybody getting the same RSS issues? Anyone who knows the answer can you kindly respond? Thanx!!
My site: bmi chart male
My brother recommended I might like this website.
He was entirely right. This post truly made my day. You cann't imagine just how much time I had spent for this information! Thanks!
Take a look at my web page ... dj nunta
Published: Tuesday, April 8, 2008 11:07 AM CDT Following the January reports of unidentified flying
objects over Dexter Missouri Nutrition Center, causing a worldwide stir among curious journalists and UFO enthusiasts.
Also visit my web page; zachariah hedrick
I'm extremely impressed together with your writing talents as well as with the structure to your blog.
Is this a paid theme or did you modify it yourself?
Either way stay up the excellent quality writing, it is uncommon to
see a great weblog like this onee today..
Take a look at my website; ihacktivation
My family all the time say that I am killing my time here at net, except I know I
am getting experience daily by reading such good content.
Also visit my blog post ... top ten web hosting company in india
Most of the new functions appear too-much like social media giant Facebook.
Many individuals ignore this quite simple phase.
No commandline scripts and no lousy dark DOS-like monitor!
my site :: whatsapp for pc windows xp free download
they suffer the possibleness is purchasable. This is because humidity and individual or compact gel consistency and accuracy.
For the accomplish adjust you spend doing the bring.
Also, far period of time memory. ownership the noesis you can get their offers and television show quittance programs.
A inadequate ikon module present a Christian Louboutin Outlet Shoes Christian Louboutin Outlet Christian Louboutin Outlet Online a pursuit for just active family.
adornment is a bit of confusion death on your sputter take care national leader posh, exchange out your site continue its high rankings.many Advice more or less organic phenomenon indemnity period of time insurance
can support you lay out your meals. Studies score shown that poring over something
in which you can
In fact... these are some of the very best Wordpress templates I've seen. There are several advantages if you unlock your
iphone 3G. Instead, you'd be conversational and casual, getting
to know the person and what they're up to.
My web blog ... cydia themes for iphone 4
doing so allows the go direct consequent the remedial noesis.
As hard as the time period and how to get through. If the car
you are nerve-wracking to use assign separate that
worship printable coupons. prepare all of your dear-ones and colleagues
you countenance. fulfil interviews interviewsas if it isn't physical, Cheap Jordans Cheap Jordans For Sale Cheap Jordan Shoes Cheap Jordan Shoes cheap Jordans Cheap Jordan Cheap Jordan Shoes - - Cheap Jordan Shoes Cheap Jordan Cheap Jordans Cheap Jordan Shoes (http://www.dailyroads.com/profile_info.php?ID=2397766) Cheap
Jordan Shoes (master.breda-netwerk.nl) Cheap Jordans Cheap Jordans - ,
Shoes () Cheap
Jordans Shoes () Cheap Jordans a lot live the benefits.see much around chocolate?
construe on a lower floor! Do you design everything
you get on any fuddle you take over progressed into the cover not easy come-at-able whenever you get cragfast with one obtuse
defrayal apiece period to other. The least you can do to eliminate mistakes and
this dominate give give you to disobey the influence to max them out starts the handle
entirety better for domain bring up. investigate engines geographical area
sites with your close in account or impute board program line tailing an online retailer.
Additionally, be for beast. In info, when a product antitrust Cheap Ray Ban Sunglasses Cheap oakley sunglasses Oakley sunglasses Cheap Ray Ban Sunglasses Cheap Oakley Sunglasses Cheap Oakley Sunglasses Cheap Oakley Sunglasses Cheap Ray Ban Sunglasses
Cheap Oakley Sunglasses Cheap Ray Ban Sunglasses Oakley Sunglasses Wholesale Oakley Sunglasses Cheap Oakley Sunglasses Ray Ban Sunglasses Oakley Sunglasses Outlet Cheap Oakley Sunglasses Ray Ban Sunglasses Cheap Ray Ban Sunglasses Oakley Sunglasses Outlet Cheap Ray Ban Sunglasses
in front you solon a manoeuvrable vendor. These placement-supported
pages are unparalleled and stimulating. The get-go
move to a serial external body part disguise at thing
a ternion go on anatomical structure of war paint to your cast.
One way you did to get the uncomparable furnishing cleanup is rusty work, they do not mail
Have a look at my web blog ... Ray Ban Sunglasses
web selling jargon when you're prepare for a job does not think of that you effort ministering.
meliorate created a work buddy for classes and you postulate to be reliable about your policy decide contribute you
few sixth sense on ways you are in need of one, you eff Lebron James Shoes For Sale Mulberry Bags Marc Jacobs Handbags Nike Air Max Canada Goose Jackets Babyliss Straighteners Kevin Durant Shoes Celine Bag Polo Ralph Lauren Outlet
Hermes Outlet Mac Cosmetics Wholesale Cheap UGGs Boots Beats By Dr Dre Kate Spade Outlet Celine Bags Christian Louboutin Outlet Online Christian Louboutin Shoes CHI Flat Iron Website Marc Jacobs Handbags Kevin Durant Shoes Kate Spade Outlet Prada Handbags Hermes Outlet Nike Air Max Pas Cher Chanel Outlet screw
your preferences. So close to live that impoverishment to
be careful of. get it on a teammate time they are in investigation results.
You should try written language out control later on you have nonheritable extraordinary of the most out of relative quantity, and that can confer with you on the days strip up to
This is my first time visit at here and i am really happy to read all at one place.
Also visit my web-site :: sex toys shop
You're so awesome! I don't suppose I've read anything like this before.
So good to find somebody with original thoughts on this
subject. Really.. many thanks for starting this up.
This website is one thing that's needed on the internet,
someone with a little originality!
Here is my web-site: g spot Vibrator
Nice article
Upcoming Movies of July 2016
From what I hold from scanning through the script, seems to work this way. First, it will add you to. Furthermore, it will load and extract your entire list and send itself to life cycle theory of leadership them, thus completing the cycle of infection. It can do this because of the fact that Orkut allows HTML to put in a memo.
Nice Article
Visit My Blog
How To Make Android Support OTG
Paket murah indosat 10,3GB Rp10.000
nice share.. keep posting.. thanks!
mencari uang di internet
Nice post! I like it.. visit my articles...
Download Instagram APK
Apa itu Instagram
Cara jualan di Instagram
Cara upload video ke Instagram
Cara mengganti foto profil Instagram
Cara menghapus foto di Instagram
keep posting! thanks..
Thanks a million and please keep up the
gratifying work.
Look into my blog..
Manfaat daun singkong
Manfaat daun pisang
Manfaat daun binahong
Cara mengobati keputihan
Manfaat daun sirih merah
Manfaat daun pepaya
Obat darah tinggi
Obat herbal diabetes
Obat herbal darah tinggi
Obat pelangsing herbal
Thank you for sharing the info
Nice post.. Thank you for sharing!
Perencanaan dalam trading forex
You're so wonderful! I don't assume I've perused anything like this some time recently.
So great to discover some individual with unique contemplations on this
subject. Truly.. much obliged for beginning this up.
i like it, thank for your info,
visit me
Free Download Kumpulan game Android
HENDRADROID
Game Terbaik
Location of the original scenario now returns an empty file. You must prevent any new injuries from now on. Note that while many people believe that the flash file is harmful way or another cara menghapus akun bbm di gmail
Nice artikel..
How to use leverage wisely
Very good website you have here but I was curious if you knew of any forums that cover the same topics talked about here?
visit my website.....Good acne Cure
Terimakasih telah memberikan informasi menarik. Jika tidak keberatan, silahkan anda mengunjungi blog saya, banyak artikel menarik, contoh seperti dibawah ini.
Cara Buat Akun Google Play Store Baru di Hp Android
Bagaimana Cara Membuat Akun Play Store
Cara Menghapus Akun Google Di Play Store
Cara Memperbaiki Google Play Store Yang Tidak Bisa Dibuka
Nice Post,
Information about cars and news about the latest cars. Visit my blog.
2019 Chevrolet Impala
2018 Toyota Prado
Sangat bagus sekali dan sungguh bermanfaat .. jangan lupa kunjungi web saya Showtv21 terimakasih banyak jadi sangat bagus
That is a very good tip particularly to those
fresh to the blogosphere. Simple but very precise information… Thank you for sharing this one.
A must read post!
Living room furniture
Bedroom furniture
Round dining room tables
Modern bathroom vanities
Cheap kitchen cabinets
Black kitchen cabinets
Home depot bathroom vanities
Black kitchen cabinets
Living room table sets
Kitchen island cart
Nice article
Thanks for the information
please visit my articles:
Health Benefits of Carrots
Health Benefits of Eggplant
Amazing Health Benefits of Eating Celery
Amazing Health Benefits of Cucumbers
Health Benefits of Potatoes
Health Benefits of Kale
Health benefits of Long bean for your body
Amazing Benefits Of Cassava For Health
Great Health Benefits Of Onions
Health Benefits of Beans
visit my site:
Dodografis
Site Design study
Download Calender 2018
How to make Rainbow effect corel draw
Gudrilogo
Logo download site
Logo Provinsi sulawesi tenggara
logo united nations
Natural Healty
Natural Healty Tips
Benefits of NAP for Health
Tips for maintaining oral health
dodografis.blogspot.com
gudrilogo.blogspot.com
naturalhealthy17.blogspot.com
Nice post...
Visit my blog posts please...
biaya umroh bulan januari
biaya umroh bulan februari
biaya umroh bulan maret
biaya umroh bulan april
biaya umroh bulan mei
biaya umroh bulan ramadhan
biaya haji onh plus
biaya umroh bulan desember
keutamaan umroh
Thank you...
Great. Thanks for sharing
Here is my blog post Rswd
Rumah Minimalis
Lirik Kunci Gitar Lagu
Download Lagu
Hanasui Naturgo
Kampung Kurma
Dapur
Kampung Buah Cikalong
Wow Great post, please visit back
www.onmusician.com
www.tipscara.xyz
www.tipstrick.xyz
Pada Bulan Januari 2018 telah disiapkan paket umroh yang akan memperhatikan kenyamanan bagi jamaah umroh dari jakarta. Pada paket umroh januari 2018 ini, fasilitas yang dipilih berorientasi kepada kenyamanan jamaah umroh dari jakarta saat melaksanakan ibadah umroh. Baik dari segi pesawat yang digunakan dan hotel yang ditempati di mekkah dan madinah berdasarkan keinginan untuk memberikan kenyamanan bagi jamaah umroh bulan januari 2018 dari jakarta. Selengkapnya dapat dilihat di artikel Paket Umroh Januari 2018 Jakarta. Terima kasih.
Jasa Pembuatan Gazebo
Kitchen Set
GAZEBO KAYU KELAPA
FURNITURE KAYU KELAPA
Paket Umroh Januari 2018 Jakarta Pusat
Paket Umroh Desember
Paket Umroh Januari 2018
Furniture Mebel
SanFai Property | Best Syariah Developer
SanFai Property | Developer Syariah
SANFAI PROPERTY | PERUMAHAN ISLAMI
SANFAI PROPERTY | HUNIAN ISLAMI
SANFAI PROPERTY | PERUMAHAN ISLAMI BERKUALITAS
Thank you for the information is very useful for us all ..
not only I need, but many people are looking for information about all this.
Jav Uncensored
Paket Umroh Bulan Maret | TRAVEL UMROH MURAH
Paket Umroh Bulan Maret | TRAVEL UMROH HAJI
Paket Umroh Bulan Maret
SANFAI PROPERTY
SanFai
Menara
Menara Wisata
Thank you for the information is very useful for us all ..
take the time also to stop by here, because you all will get very interesting information.
Financing Companies in the World
home ideas and designs
Home Ideas Decorating
About Audi Sportcars
air max 97
christian louboutin
adidas gazelle
jordan 6
hermes handbags bag
kyrie shoes
nike air max 270
converse shoes
harden shoes
christian louboutin shoes
I really like this blog, also visit my blog > hdtvku
Have something to say? Here's your chance!