Announcement: This blog is now moved to new domain:

Saturday, March 15, 2008

BEWARE! - Worm in Orkut Scrap

Recently I received some common scarps from my friends on Orkut. I suspected a worm and carefully read its messages and acted upon. The scrap message says:

The click here link takes to the profile of a female - [BANI :) => I AM "MTV ROADIES" GIRL ]. And the About me section contains the following information:

And now comes the tricky part - this message shows a trick to open anyone's locked photo album and instructs the user to copy/paste a javascript line of code. If anyone tries these steps, then this javascript sends similar scrap to his/her friends list. This way, the worm keeps spreading from one Orkut user to another. The javascript code [orkut0.js] hosted on a public site, which can become a threat to Orkut community. A quick code review of this JS file, revealed the following:
1) It makes use of XMLHTTP calls and the javascript code contains some text about YoutTube and SQL Injection related stuff.
2) Finally, it internally calls the loadFriends() javascript function, which starts its work.
3) loadFriends() function composes a new scrap message.
4) and runs the SendScrapToAll() function, which sends the same message again to other Orkut friends.
As this javascript runs on the same browser instance, it smartly makes use of the User Session and does not require any additional authentication.

With this post of mine, I would urge all the Internet users to be alert w.r.t communities like Orkut and other spoof mails which provides you a link to click.

No comments: