Culture

Report: Google's Orkut fights off worm attack

Worm creates scrapbook entries on Orkut profiles and then propagates to friends on the network.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

Dec. 20, 2007 9:25 a.m. PT

Update Dec. 20 with Google comment

A computer worm has been spreading on Google's big-in-Brazil Orkut social network, according to a report on the Sounds from the Dungeon blog.

The relatively harmless worm appears to use JavaScript and Flash code to create new scrapbook entries on profiles with a New Year's message in Portuguese before propagating to the victim's friends.

It may have infected as many as 400,000 users, according to a post on a blog called "c0d3w12."

According to the Packet Storm security site, a vulnerability affecting Orkut was discovered November 8 and fixed last week. It was not clear whether this was the same vulnerability that was allowing the worm to spread.

"It appears Google has responded quickly," writes a blogger on ValleyWag. "Too bad. If Google had let the worm rampage, maybe some American users might actually hear about Orkut for the first time."

A Google representative sent this e-mail comment: "Google takes the security of our users very seriously. We worked quickly to implement a fix for the issue recently reported in orkut. We also took steps to help prevent similar problems in the future. Service to orkut was not disrupted during this time."