Google Stops Orkut Worm Attack



Google security personnel clamped down to stop the spread of a prolific spam worm launched on its social networking site Orkut.

"Google takes the security of our users very seriously. We worked quickly to implement a fix for the issue recently reported in Orkut. We also took steps to help prevent similar problems in the future. Service to Orkut was not disrupted during this time," a Google spokesperson said in a written statement.

The worm, which was reported yesterday by McAfee Avert Labs, had gained ground by spreading quickly from friend to friend. The virus affected the profiles of almost 400,000 Orkut members, most of whom were from Brazil. While Google initially aimed Orkut toward users in the United States, the networking site has become incredibly popular in Brazilian communities.

"(The attack) was obviously very targeted at the Brazilian community specifically," said Dave Marcus, security and information manager at McAfee Avert Labs.

The worm was transmitted when members received malicious scraps written in Portuguese. When translated to English, one scrap read, "2008 is coming. I wish that it begins quite well for you."

Upon receiving the scraps, the members' browsers then downloaded and executed the embedded virus. After adding its victims to a community called "Infectados Pelo Virus Orkut" or "Those Infected by the Orkut Virus," the worm then started to send messages to members of the affected user's friends list.

The virus spread through Orkut's new tool that allows users to write messages containing HTML code. The ability to add Flash/JavaScript content to Orkut scraps was only recently introduced.

So far, there has been no evidence that the worm maliciously harmed users' PCs, security researchers say. "All it does is it adds the user to this one particular Orkut group. As far as malware goes, it's rather innocuous," said Marcus. "On a scale of one to 10, it's pretty low."

McAfee security researchers said earlier today that some of the scraps had already disappeared, indicating that Orkut and Google had begun to address the problem.

The worm was symptomatic of a growing trend of malware that has flourished on social networking sites. Last month, MySpace sites for singer Alicia Keys and other musicians were targeted with an attack that installed malicious software on the PCs of members visiting the musicians' sites.

Another attack was launched last summer on the popular networking site Facebook, in which the perpetrators used small pop-up ads to force the user to purchase security software and download a computer virus.

These attacks raise the question of how to keep Web 2.0 sites secure, researchers say. While the spread of the Orkut worm appears to have abated, security analysts advise that members keep their antivirus software updated in order to remain protected against this and other viruses.
