Home > Uncategorized > BEWARE! – Worm in Orkut Scrap

BEWARE! – Worm in Orkut Scrap

Recently I received some common scarps from my friends on Orkut. I suspected a worm and carefully read its messages and acted upon. The scrap message says:

The click here link takes to the profile of a female – [BANI 🙂 => I AM “MTV ROADIES” GIRL ]. And the About me section contains the following information:

And now comes the tricky part – this message shows a trick to open anyone’s locked photo album and instructs the user to copy/paste a javascript line of code. If anyone tries these steps, then this javascript sends similar scrap to his/her friends list. This way, the worm keeps spreading from one Orkut user to another. The javascript code [orkut0.js] hosted on a public site, which can become a threat to Orkut community. A quick code review of this JS file, revealed the following:

1) It makes use of XMLHTTP calls and the javascript code contains some text about YoutTube and SQL Injection related stuff.
2) Finally, it internally calls the loadFriends() javascript function, which starts its work.
3) loadFriends() function composes a new scrap message.
4) and runs the SendScrapToAll() function, which sends the same message again to other Orkut friends.
As this javascript runs on the same browser instance, it smartly makes use of the User Session and does not require any additional authentication.

With this post of mine, I would urge all the Internet users to be alert w.r.t communities like Orkut and other spoof mails which provides you a link to click.
Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: