Rediff.com« Back to articlePrint this article

Worm exposes vulnerability in Orkut

December 20, 2007 18:40 IST

A recent, relatively harmless worm attack on Orkut, Google's popular social networking website, has once again highlighted the increased vulnerability of web applications, InfoWorld reported.

Blogger Kee Hinckley, on his site, TechnoSocial, wrote that some Orkut users had received e-mail messages informing them that they had received a scrapbook message from a friend.

When these users would view their Orkut profiles, they would be infected by the worm and be added to an Orkut group 'Infectados pelo Vírus do Orkut', Hinckley wrote.

The group's name, in Portuguese, translates to 'Infected by the Orkut virus'.

The group's description revealed that the worm's purpose was to expose the vulnerability of Orkut, and the dangers it posed to its users. There was no attempt made to steal data, the report added.

Hinckley wrote that at one point in time, new members were being added to the group at the rate of 100 per minute, and that the total number of members in the group had reached a few hundred thousand. The problem, however, was soon fixed.

The site's scrapbook feature allows friends to post messages on a user's profile. According to Hinckley, the messages contain HTML code and may be unable to filter out dangerous JavaScript.

Like India, Orkut is massively popular in Brazil, but has failed to take off in other territories, where MySpace and Facebook are more popular.