Orkut under Cross-Site Scripting (XSS) Attack @ tk here on Wednesday, December 19, 2007 1:32 PM

Wednesday, December 19, 2007

Orkut under Cross-Site Scripting (XSS) Attack

Right at this very moment, a cross-site script has been spreading like wildfire in Orkut communities due to a flaw in Google's Orkut.

If you've read the following scrapbook entry in Orkut

2008 vem ai... que ele comece mto bem para vc

from one of your friends, you're infected. Simply viewing the message is sufficient for your Orkut account to be added to a new community named "Infectados pelo Vírus do Orkut" and to become an unwilling new host for the worm. At the time of this writing, the number of Orkut members in Infectados pelo Vírus do Orkut is already at the 400K mark.

According to a posting made by the author of this worm, Rodrigo Lacerda, this script is not malicious in any way, except for making you an unwitting participant in his experiment. You can verify this for yourself, as someone has posted the decoded JavaScript source of the script at . The original is located at . Still, changing your password isn't terribly difficult.

From what I can grasp from scanning through the script, it appears to work this way. First, it adds you to http://www.orkut.com/CommunityJoin.aspx?cmm=44001818. Next, it loads and extracts your entire friends list and sends itself to each of them, completing the infection cycle. It can do this because Orkut allows HTML to be inserted into scraps.

Apparently "2008 vem ai... que ele comece mto bem para vc" roughly translates as "2008 is coming... may it start really well for you". It doesn't seem to be looking that way for Orkut's engineers.

Edit: Btw, the excessive traffic generated by this script is partly due to the fact that it continually retries contacting Orkut's servers if it fails to do what it wants on the first try (forcing you into the above-mentioned community and loading your friends list).

Update: The original script location now returns an empty file. That should prevent any new infections from now on. Note that while many folks think the Flash file is somehow malicious, I'm quite sure it isn't, because http://www.orkut.com/LoL.aspx (the source of the Flash file) doesn't even exist!

The embed code is simply the vector through which the malicious script is loaded: it is crafted in such a way that your browser parses and executes the JavaScript contained in the embed code. Hence the best way to mitigate this would be to use the rather than , since JavaScript is the real culprit here.
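Sanitizing scraps to an allowlist is the defensive counterpart of the mechanism described above (HTML allowed in scraps) and of this paragraph's point that the script, not the Flash file, is the culprit. This is an added example, not Orkut's code; the allowed tags and attributes, the helper names and the sample scrap are assumptions.

```javascript
// Added example (not Orkut's code): allowlist sanitizer for user-posted HTML
// such as Orkut scraps. Anything that is not an explicitly allowed tag or
// attribute is entity-encoded rather than silently dropped, so <embed>, <object>,
// <script> and on* handlers never reach the browser as markup. Policy is assumed.
const ALLOWED_TAGS = new Map([            // tag -> attributes it may carry
  ["b", []], ["i", []], ["u", []], ["br", []], ["a", ["href"]],
]);                                       // Map: no prototype keys like "constructor"

function escapeText(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;")
          .replace(/>/g, "&gt;").replace(/"/g, "&quot;");
}

// Only http(s) URLs survive; javascript:, data: and vbscript: schemes are rejected.
// Control characters/whitespace are stripped first because browsers ignore
// tabs and newlines inside a scheme ("java\tscript:" would otherwise slip by).
function safeHref(value) {
  const v = value.replace(/[\u0000-\u0020]/g, "");
  return /^https?:\/\//i.test(v) ? v : null;
}

function sanitizeScrap(html) {
  const TAG = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;      // a '>' inside a quoted
  const ATTR = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g; // value fails closed
  let out = "", last = 0, m;
  while ((m = TAG.exec(html)) !== null) {
    out += escapeText(html.slice(last, m.index));           // text between tags
    last = TAG.lastIndex;
    const name = m[1].toLowerCase();
    const allowedAttrs = ALLOWED_TAGS.get(name);
    if (allowedAttrs === undefined) { out += escapeText(m[0]); continue; } // unknown: encode
    if (m[0][1] === "/") { if (name !== "br") out += `</${name}>`; continue; }
    let attrs = "", a;
    while ((a = ATTR.exec(m[2])) !== null) {                 // ATTR resets after null
      const aname = a[1].toLowerCase();
      if (!allowedAttrs.includes(aname)) continue;          // drops onload, onclick, style...
      const raw = a[2] ?? a[3] ?? a[4] ?? "";
      const value = aname === "href" ? safeHref(raw) : raw;
      if (value !== null) attrs += ` ${aname}="${escapeText(value)}"`;
    }
    out += `<${name}${attrs}>`;
  }
  return out + escapeText(html.slice(last));                // trailing text
}
// Constructed sample scrap (not the real worm payload): embed tag, event handler,
// javascript: link, plus one legitimate link that should survive.
const SAMPLE = '<embed src="http://example.invalid/x.swf" onload="go()">hi '
  + '<b onclick="go()">there</b> <a href="javascript:go()">x</a> <a href="https://orkut.com/">ok</a>';
console.log(sanitizeScrap(SAMPLE));
```

Encoding unknown markup instead of deleting it is deliberate: the reader still sees what was posted, but the browser's HTML parser never treats it as a tag.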

Btw, you should thank Rodrigo Lacerda for highlighting this vulnerability in such a manner.




On 01 May, 2013 21:24, Anonymous said...

Oh my goodness! Impressive article dude! Thank you, However I am having issues with
your RSS. I don't understand the reason why I cannot join it. Is there anybody getting the same RSS issues? Anyone who knows the answer can you kindly respond? Thanks!!

My site: bmi chart male

On 12 May, 2013 02:38, Anonymous said...

My brother recommended I might like this website.
He was entirely right. This post truly made my day. You can't imagine just how much time I had spent for this information! Thanks!

Take a look at my web page ... dj nunta

On 19 June, 2013 06:51, Anonymous said...

Published: Tuesday, April 8, 2008 11:07 AM CDT Following the January reports of unidentified flying
objects over Dexter Missouri Nutrition Center, causing a worldwide stir among curious journalists and UFO enthusiasts.

Also visit my web page; zachariah hedrick

On 11 June, 2014 16:49, Anonymous said...

I'm extremely impressed with your writing talents as well as with the structure of your blog.
Is this a paid theme or did you modify it yourself?

Either way keep up the excellent quality writing, it is uncommon to
see a great weblog like this one today..

Take a look at my website; ihacktivation

On 01 July, 2014 05:56, Anonymous said...

Most of the new functions appear too-much like social media giant Facebook.
Many individuals ignore this quite simple phase.

No commandline scripts and no lousy dark DOS-like monitor!

my site :: whatsapp for pc windows xp free download

On 09 September, 2014 23:12, Anonymous said...

You're so awesome! I don't suppose I've read anything like this before.
So good to find somebody with original thoughts on this
subject. Really.. many thanks for starting this up.

This website is one thing that's needed on the internet,
someone with a little originality!

Here is my web-site: g spot Vibrator

On 21 July, 2016 16:20, elizabeth said...

From what I hold from scanning through the script, seems to work this way. First, it will add you to. Furthermore, it will load and extract your entire list and send itself to life cycle theory of leadership them, thus completing the cycle of infection. It can do this because of the fact that Orkut allows HTML to put in a memo.

On 08 October, 2016 16:11, Cek Mus said...

Nice post! I like it.. visit my articles...

Download Instagram APK
What is Instagram
How to sell on Instagram
How to upload videos to Instagram
How to change your Instagram profile photo
How to delete photos on Instagram

keep posting! thanks..

On 31 October, 2016 15:40, tipscaraalami.com said...

Thanks a million and please keep up the
gratifying work.

Look into my blog..

Benefits of cassava leaves
Benefits of banana leaves
Benefits of binahong leaves
How to treat vaginal discharge
Benefits of red betel leaves
Benefits of papaya leaves
High blood pressure medicine
Herbal diabetes medicine
Herbal high blood pressure medicine
Herbal slimming medicine

Thank you for sharing the info

On 07 November, 2016 08:19, Anonymous said...

Nice post.. Thank you for sharing!

Planning in forex trading

On 11 November, 2016 15:49, Kumpulan BBM Mod, Game dan Aplikasi Android Update said...

You're so wonderful! I don't assume I've perused anything like this some time recently.

So great to discover some individual with unique contemplations on this

subject. Truly.. much obliged for beginning this up.

On 29 November, 2016 00:00, daftar email gratis said...

Location of the original scenario now returns an empty file. You must prevent any new injuries from now on. Note that while many people believe that the flash file is harmful way or another how to delete a BBM account in Gmail

On 08 February, 2017 22:17, Anonymous said...

Nice article..

How to use leverage wisely

On 27 April, 2017 12:11, Anonymous said...

Very good website you have here but I was curious if you knew of any forums that cover the same topics talked about here?
visit my website.....Good acne Cure

On 30 June, 2017 08:25, Unknown said...

Nice Post,
Information about cars and news about the latest cars. Visit my blog.

2019 Chevrolet Impala

2018 Toyota Prado

On 13 August, 2017 21:11, Unknown said...

Very good and truly useful .. don't forget to visit my website Showtv21, thank you very much, so very good

On 22 September, 2017 02:49, Unknown said...

Nice article
Thanks for the information
please visit my articles:

Health Benefits of Carrots
Health Benefits of Eggplant
Amazing Health Benefits of Eating Celery
Amazing Health Benefits of Cucumbers
Health Benefits of Potatoes
Health Benefits of Kale
Health benefits of Long bean for your body
Amazing Benefits Of Cassava For Health
Great Health Benefits Of Onions
Health Benefits of Beans

On 21 November, 2017 00:19, Admin said...

Nice post...
Visit my blog posts please...
Umrah cost in January
Umrah cost in February
Umrah cost in March
Umrah cost in April
Umrah cost in May
Umrah cost during Ramadan
Hajj ONH Plus cost
Umrah cost in December
Virtues of Umrah
Thank you...

On 12 December, 2017 17:14, Anonymous said...

Wow Great post, please visit back


On 14 February, 2018 19:25, Anonymous said...

Thank you for the information is very useful for us all ..

not only I need, but many people are looking for information about all this.

Jav Uncensored

On 02 January, 2020 12:51, pery saputra said...

I really like this blog, also visit my blog > hdtvku

On 05 January, 2022 21:12, Anonymous said...

This is very good, yalla shoot streaming
