Google: Orkut’s “Bom Sabado” Worm Did Not Compromise User Information
By Pallab De on September 26th, 2010

Yesterday, Orkut was paralyzed and transformed into a booby-trapped minefield by the “Bom Sabado” worm, which spread like wildfire. While most of the world was oblivious to the attack, its effect was felt in countries like India and Brazil, where Orkut has a sizable presence.


As suspected, the worm exploited an XSS (cross-site scripting) vulnerability present in Orkut to load third-party JavaScript that automatically sent scraps to everyone in an affected user’s friend list. However, contrary to popular belief, users’ cookies weren’t stolen or poisoned.

A Google spokesperson issued the following statement:

We took swift action to fix a cross-site scripting (XSS) vulnerability on orkut.com that was discovered early Saturday. We were aware of a script being used to spread messages on orkut, but our analysis of the script code did not reveal any evidence of users’ accounts becoming compromised; nonetheless, the issue is now resolved. We’re in the process of cleaning affected profiles, and we are studying the vulnerability to help prevent similar issues in the future.

Author: Pallab De
Pallab De is a blogger from India who has a soft spot for anything techie. He loves trying out new software and spends most of his day breaking and fixing his PC. Pallab loves participating in the social web; he has been active in technology forums since he was a teenager and is an active user of both Twitter (@indyan) and Facebook.

Pallab De has written and can be contacted at pallab@techie-buzz.com.

Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites.