Orkut, Google’ social networking web site, was hit by a relatively harmless worm. According to a report written by blogger Kee Hinckley on his web site TechnoSocial, the virus infected Orkut’s users through emails.
Some of Google’s social networking web site’s users received an email telling that they had been sent a new scrapbook entry from another Orkut user. The scrapbook entry is a type of message on Orkut. Thus, the targeted users had only to access their profiles to become infected by the virus. They were also added to an Orkut group, “Infectados pelo Virus do Orkut,” as Kee Hinckley wrote on his web site.
The name of the group is in Portuguese and it translates to “infected by the Orkut virus.” Orkut is mostly popular in Brazil and India, rather than in the United States, where it can’t catch up with its tough highly popular rivals Facebook and MySpace.
However, although the worm that attacked Google’s Orkut was relatively harmless, it seems that its creators wanted to demonstrate that this social networking web site’s users are in danger even if they do no click on malicious links. The Orkut worm was also noted by Orkut Plus, a web site that offers security tips for Google’s social networking site, and discussed in Google’s own Orkut help group.
The worm apparently did not try to steal any personal data.
Google security personnel clamped down to stop the spread of a prolific spam worm launched on its social networking site Orkut.
"Google takes the security of our users very seriously. We worked quickly to implement a fix for the issue recently reported in Orkut. We also took steps to help prevent similar problems in the future. Service to Orkut was not disrupted during this time," a Google spokesperson said in a written statement.
The worm, which was reported yesterday by McAfee Avert Labs, had gained ground by spreading quickly from friend to friend. The virus affected the profiles of almost 400,000 of its members, most of which were from Brazil. While Google initially aimed Orkut toward users in the United States, the networking site has become incredibly popular in Brazilian communities.
"(The attack) was obviously very targeted at the Brazilian community specifically," said Dave Marcus, security and information manager at McAfee Avert Labs.
The worm was transmitted when members received malicious scraps written in Portuguese. When translated to English, one scrap read, "2008 is coming. I wish that it begins quite well for you."
Upon receiving the scraps, the members' browsers then downloaded and executed the embedded virus. After adding its victims to a community called "Infectados Pelo Virus Orkut" or "Those Infected by the Orkut Virus," the worm then started to send messages to members of the affected user's friends list.
The virus spread through Orkut's new tool that allows users to write messages containing HTML code. The ability to add Flash/Javascript content to Orkut scraps was only recently introduced.
So far, there has been no evidence that the worm maliciously harmed users' PCs, security researchers say. "All it does is it adds the user to this one particular Okut group. As far as malware goes, it's rather innocuous," said Marcus. "On a scale of one to 10, it's pretty low."
McAfee security researchers said earlier today that some of the scraps had already disappeared, indicating that Orkut and Google had begun to address the problem.
The worm was symptomatic of a growing trend of malware that has flourished on social networking sites. Last month, MySpace sites for singer Alicia Keys and other musicians were targeted with an attack that installed malicious software on the PCs of members visiting the musicians' sites.
Another attack was launched last summer on the popular networking site Facebook, in which the perpetrators used small pop-up ads to force the user to purchase security software and download a computer virus.
These attacks raise the question of how to keep Web 2.0 sites secure, researchers say. While the spread of the Orkut worm appears to have abated, security analysts advise that members keep their antivirus software updated in order to remain protected against this and other viruses.
No comments:
Post a Comment