Orkut Users Infected by Virus

By David Masters

Users of social networking sites beware. This week thousands of members of Orkut, Google’s social networking site, became infected by a potentially malicious worm. At its most dangerous, the virus was infecting over 100 users every minute.

Members of Orkut, a networking website similar to Facebook and MySpace, were sent an email by the worm telling them that they had a new scrapbook entry - a message on their Orkut profile. If a user then visited their profile they became infected by the worm, which would pass itself on their Orkut friends.

Fortunately, it appears that the worm does not attempt to steal users’ private data; in fact it does nothing more virulent than add users to the Orkut group ‘Infectados pelo Vírus do Orkut’, Portuguese for ‘Infected by the Orkut virus’. The group description says that the virus was created to demonstrate how Orkut could be potentially dangerous for its members without them noticing anything out of the ordinary.

Blogger Kee Hinckley thinks it ‘unlikely’ that worms such as Infectados pelo Vírus do Orkut could ever access user passwords, although he concedes that they ‘could potentially access other private information.’

The stunt was made possible because Orkut scrapbook allows users to post messages in HTML code, but may well lack a filter against malicious JavaScript.

Google has been made aware of the virus through the Orkut help forum. The virus has also been noted by Orkut Plus, an Orkut security tips blog.