Orkut worm hits 500,000 + users

As i already wrote about another similar Orkut Virus which uses the same technique as this Orkut worm created by Rodrigo Narrates

The Portuguese language attack exploited a vulnerability in Orkut's scrapbook feature to post malicious JavaScript code on a user's page.

The worm, which was reported yesterday by McAfee Avert Labs, had gained ground by spreading quickly from friend to friend.

The worm was transmitted when members received malicious scraps written in Portuguese. When translated to English, one scrap read, "2008 is coming. I wish that it begins quite well for you."
On viewing the scrapbook post, the code performed the exploit and downloaded a .js file to the user's machine.

The worm then took control of the user's account, sending out copies of itself to all of the user's friends and joining a group called 'Infectados pelo Vírus do Orkut', which translates as 'Infected by Orkut virus'.

With in the first 12 hours of the creation of the community the community got 400,000 members

Rodrigo says something like this about it :

August 8, 2006 was the date he came to know about an XSS but at that point of time he didn't have perfect programming skills to exploit the hole. He says, at that time he wanted to hack as many communities and profiles as he could on orkut. The hole was fixed soon.

December 19, 2007 , he came across a similar XSS and this time he had proper programming skills to do what ever he wanted to. But his state of mind was a bit different this time. His attempt was not to hack or hurt anyone but wanted to show how destructive this can be if used for evil purposes.

The virus spread through Orkut's new tool that allows users to write messages containing HTML code. The ability to add Flash/Javascript content to Orkut scraps was only recently introduced.

The worm does not appear to download any other malicious programs. Security experts said yesterday that the malicious code has been removed from users' pages and the worm has been taken offline.

Symantec researcher Umesh Wanve said that, although the attack was largely benevolent, it is worrisome because it was launched simply by loading the user's Orkut profile.

"This worm illustrates how a simple script injection exploit could affect a large social networking site," wrote Wanve in a company blog.

"This worm could have been used for other malicious purposes, such as stealing cookies, exploiting other vulnerabilities or stealing sensitive data."

McAfee researcher Vinay Mahadik expressed similar concerns. "This clearly illustrates the issue with allowing rich content on social/professional networking sites, and not sanitising it enough," he wrote on a company blog.

Orkut Says About it :

This week, the orkut team discovered that a user had exploited a bug in our scrapbook feature. As a result, many of you likely received scraps from friends of yours that they actually didn't send, and friends may have received scraps that appeared to come from you.

The orkut team responded quickly, and worked late into the night to fix the underlying issue and contain the spread of these scraps.

We believe that this action has been effectively stopped and you should no longer receive any more of these unintended messages. We appreciate your understanding in this case and hope that this did not create too much of an inconvenience for you or your fellow orkut friends.

Well this is all that i got to know about this Worm...If you guys get to know more about it...Then do let me know...
Read this to know How to be safe from these kinds of things