Sep 27, 2010 12:08 GMT

A cross-site scripting vulnerability was exploited Saturday on Orkut to launch a fast-spreading worm that auto-posted a rogue message reading "Bom Sabado" on people's scrapbooks.

"Bom Sabado" means "Good Saturday" in Portuguese, which led some people to assume that the worm originated in Brazil, where Orkut has a very large user base.

The messages, which had rogue JavaScript code embedded in them, forced logged-in users to repost them on their friends' scrapbooks (the equivalent of "Walls" on Facebook).

The attack was extremely viral and affected almost 10% of all Orkut users, 70% of which are from India or Brazil. The social network has over 52 million users.

Google fixed the underlying vulnerability in a matter of hours. "[…] We've contained the 'Bom Sabado' virus and have identified the bug that allowed this and have fixed it. We're currently working on restoring the affected profiles," a Google employee named Doree announced on the Orkut Help forum.

According to some reports, the worm also automatically subscribed victims to a group. However, News Live quotes a Google spokesperson saying the attack wasn't malicious.

Nevertheless, it would be very sensible for affected users to change their Google account password. Google's Doree also recommends clearing the browser's cookies and cache.

Persistent (stored) cross-site scripting vulnerabilities (XSS), like the one exploited in this attack, are the result of failing to properly sanitize input submitted through forms, which allows attackers to insert malicious code into pages that are later served to other users.
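To make the mechanism concrete, here is an added example, written for this article and not taken from Orkut or from Google, of how a stored XSS flaw appears in a scrapbook-style page and how output encoding removes it. The template functions, the `scrap` object and the sample message are all hypothetical, constructed for illustration:

```javascript
// Added example (not code from the article, Orkut or Google). Shows a
// hypothetical scrapbook renderer that writes user text straight into HTML
// (the stored XSS pattern) next to a version that HTML-encodes it on output.

// Constructed sample: a scrapbook entry whose body carries markup that a
// browser would execute if it reached the page unencoded.
const SAMPLE_SCRAP = {
  author: "friend123",
  body: 'Bom Sabado <script>/* runs in every viewer\'s browser */</script>',
};

// Vulnerable renderer: the stored message is concatenated into the page as-is,
// so any markup the author typed becomes part of the page for every reader.
function renderScrapUnsafe(scrap) {
  return `<div class="scrap"><b>${scrap.author}</b>: ${scrap.body}</div>`;
}

// Hardened renderer: every user-controlled value is HTML-encoded at the point
// where it is written into HTML, so "<script>" is displayed as text, not parsed.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderScrapSafe(scrap) {
  return `<div class="scrap"><b>${escapeHtml(scrap.author)}</b>: ${escapeHtml(scrap.body)}</div>`;
}

// Simple check a test suite can run against rendered output: did a script
// element survive into the final HTML?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log("unsafe :", renderScrapUnsafe(SAMPLE_SCRAP));
console.log("safe   :", renderScrapSafe(SAMPLE_SCRAP));
console.log("script tag in unsafe output:", containsScriptTag(renderScrapUnsafe(SAMPLE_SCRAP)));
console.log("script tag in safe output  :", containsScriptTag(renderScrapSafe(SAMPLE_SCRAP)));
```

The fix is applied at output time rather than only at input time: a message stored years earlier, or submitted through a different form, is still rendered harmlessly. A Content-Security-Policy header that disallows inline scripts adds a second layer, but it does not replace encoding.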

Social networking XSS worms are not a new concept. The first high profile attack of this type was launched on MySpace back in October 2005 by a hacker named Samy Kamkar and affected over one million users. It became known as the Samy worm.

A similar one was released and wreaked havoc on Twitter just last week. The micro-blogging site was also affected by a cross-site request forgery (CSRF) mass attack this weekend, but the exploit required users to click on a link.