Orkut Hit by XSS Worm
By Craig Buckler
First Twitter was hacked. Then Facebook went down. Now it’s Orkut’s turn. Google’s social networking site has been attacked by the virulent “Bom Sabado” worm. Bom Sabado means “Good Saturday” in Portuguese, the native language of Brazil where the worm is thought to have originated. Orkut is the most popular social site in Brazil, India and several other countries.
The worm replicates itself across accounts and randomly sends “Bom Sabado” messages to friends’ scrapbooks — Orkut’s version of Facebook’s wall. Google support recently announced that the worm had been contained and that it is in the process of cleaning infected accounts. However, the company recommends vigilance when accessing accounts — users should be especially wary about clicking suspicious links.
If you have been infected, you should log out, clear your browser’s cookies and cache and change your Google account password immediately at google.com/accounts.
The attacks raise an interesting question: are hackers and spammers turning their attention to social networks? XSS infections are easier to create and distribute than viruses or malware, which can be detected by PC software. In addition, the exploits spread quickly and cross system boundaries — it doesn’t necessarily matter which OS or browser is being used.
The networks have proved themselves vulnerable. All companies state security is a top priority, but it’ll never be as important as usability or encouraging new sign-ups. Open APIs and third-party applications also provide another means of attack. Perhaps it’s just a matter of time before we see self-replicating worms which can distribute themselves throughout a network without any user interaction.
Then again, these attacks have provided the social networks with considerable mainstream attention. Bad news is better than no news whatsoever. Orkut is relatively unknown in the US and Europe, so perhaps the worm is a massive Google publicity stunt! But I’d never suggest such a thing. I’ll leave that to the cynical conspiracy theorists…