A Google official, admitted that because of this bug several people received scraps from friends, who claimed they had never posted any such scraps.
A virus, which has been fixed by Google, had affected between 4 lakh to 7 lakh users
MUMBAI: Google recently added a new feature on Orkut where users can post Active X Content on their friend’s scrapbook. But the feature turned out to be Google’s nemesis as an attacker used the vulnerability and posted a virus that affected between 4,00,000 to 7,00,000 Orkut users. Though Google managed to fix the bug on Thursday, the incident has highlighted the security aspects of social networking sites such as Orkut that have a huge following in countries like India.
A Google official, who requested anonymity, admitted that because of this bug several people received scraps from friends, who claimed they had never posted any such scraps. “The newly introduced scrapbook feature had been exploited,” the official said.
According to Chetan Gupta, a 26-year-old independent cyber security expert, “The feature allows users to post clips, songs, animation etc on their as well as other user’s scrapbooks,” he said.
Users who were attacked got a message in their mailboxes informing them that someone had posted a scarp on their profile. The scrap, written in Portugese, when translated into English reads: “2008 is coming… I wish that it begins quite well for you.”
As soon as the user viewed the post, the virus downloaded a file to the user’s computer. The worm then took control of the user’s account and enlisted a group called ‘Infectados pelo Vírus do Orkut’, which translates as ‘Infected by Orkut virus’. The virus also sent copies of itself to all the friends of the user and repeated the process.
According to vnunet.com, the virus infected seven lakh Orkut users within 24 hours before Google was able to rectify the problem. The virus was not supposed to do any real harm to the users. The intent, according to a blog posting on Trend Micro, was to only make a point. The blog post says “It appears from both the script that this script was designed purely to spread, rather than for more malicious purposes. The author has pulled the malicious JavaScript from the Web, having gotten his point across.”
A Google spokesperson said that the internet search giant takes the security of its users very seriously. “We worked quickly to implement a fix for the issue. Service to Orkut was not disrupted during this time.” This is not the first time a virus like this has targeted a social network. MySpace too was attacked by ‘Samy Is My Hero’ worm in 2005.
k_dhananjay@dnaindia.net, t_mayank@dnaindia.net
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}
)
){kind=small}
){kind=small}
)
)
)
)
)
){kind=small}
){kind=small}
){kind=small}
){kind=small}
){kind=small}