fast-moving worm has infected more than 700,000 users on Google's Orkut social network in just 24 hours.
The Portuguese language attack exploited a vulnerability in Orkut's scrapbook feature to post malicious JavaScript code on a user's page.
On viewing the scrapbook post, the code performed the exploit and downloaded a .js file to the user's machine.
The worm then took control of the user's account, sending out copies of itself to all of the user's friends and joining a group called 'Infectados pelo Vírus do Orkut', which translates as 'Infected by Orkut virus'.
The worm does not appear to download any other malicious programs. The malicious code has been removed from users' pages and the worm has been taken offline.
No comments:
Post a Comment