Thursday, December 20, 2007 11:03 AM
cmosby
SANS Internet Storm Center - Orkut XSS Worm
Orkut XSS Worm
Published: 2007-12-19,
Last Updated: 2007-12-19 17:57:39 UTC
by Tom Liston (Version: 1)
A vulnerability in the social networking site Orkut that allowed users to inject HTML and JavaScript into their profiles set the stage for a persistent XSS worm that appears to have affected approximately 400,000 Orkut users. The malicious code is apparently fetched from the site "http://files.myopera.com" and is called, conveniently enough, "virus.js."
1 comment(s)
Source: SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
Filed under: Internet Hacks, Security