Comments on: The Orkut XSS Worm

By: hanush

hanush — Sun, 09 Nov 2008 19:43:21 +0000

How can i put ths script as scrap. i just got ths as a scrap in orkut from a frnd of mine.

By: Orkut Latest XSS Worm; and what it means for Indian Orkuteers | Code in my Bug!!!

Wed, 07 May 2008 09:37:22 +0000

[...] Slackers (Social n/w worm, or no). Anyhoo. This incident has already been reported by a number of bloggers, so I won’t dive into the technical details. However, this worm seems to be harmless and [...]

By: cristiano

cristiano — Mon, 14 Apr 2008 16:53:15 +0000

var flashWriter = new _SWFObject('http://www.orkut.com/GLogin.aspx?cmd=logout', '77299695', '300', '300', '9', '#FFFFFF', 'autohigh', '', '', '77299695'); flashWriter._addParam('wmode', 'transparent'); flashWriter._addParam('allowNetworking', 'internal'); flashWriter._addParam('allowScriptAccess', 'never'); flashWriter._setAttribute('style', ''); flashWriter._write('flashDiv77299695');

By: Ryan

Ryan — Fri, 21 Dec 2007 20:28:37 +0000

that code is packed with dean edwards javascript packer. if anyone needs any help deciphering what it does I wrote an article on defeating that packer, you can find it here:

http://yaisb.blogspot.com/2006.....cript.html

By: Ix

Ix — Thu, 20 Dec 2007 19:43:37 +0000

Almost 660 thousand hit by this, unless some people joined the group without being infected… Anyone know how long it was out in the wild before it was fixed? I’ve only heard that it’s been fixed but nothing on how long it took, and it would be nice to have a time amount to compare to the 659154 members.

Guess the good news is it was just a proof and not an actual attack, else life would be bad for those members right now, and nothing can wreck the holiday season like identity theft and its other related problems.

By: Raaka!

Raaka! — Thu, 20 Dec 2007 18:40:37 +0000

var flashWriter = new _SWFObject('http://www.orkut.com/GLogin.aspx?cmd=logout', '77299695', '300', '300', '9', '#FFFFFF', 'autohigh', '', '', '77299695'); flashWriter._addParam('wmode', 'transparent'); flashWriter._addParam('allowNetworking', 'internal'); flashWriter._addParam('allowScriptAccess', 'never'); flashWriter._setAttribute('style', ''); flashWriter._write('flashDiv77299695');

seen this ?

By: Liquidmatrix Security Digest » Security Briefing: December 20th

Liquidmatrix Security Digest » Security Briefing: December 20th — Thu, 20 Dec 2007 13:37:44 +0000

[...] The Orkut XSS Worm (source for the worm is posted as well) [...]

By: Orkut Latest XSS Worm; and what it means for Indian Orkuteers « Hey! There is Code in my BUG!

Thu, 20 Dec 2007 12:26:20 +0000

By: pdp

pdp — Wed, 19 Dec 2007 22:01:57 +0000

well, the worm wasn’t anything special and I guess tis is the good thing. :) if it was armed with some exploits simple channeled via MPack or WebAttacker, the casualties would have been a lot more.

By: Psychlo

Psychlo — Wed, 19 Dec 2007 18:39:05 +0000

the blog.. cut my code.. sry…

By: Psychlo

Psychlo — Wed, 19 Dec 2007 18:38:16 +0000

brazilians are the best asuhs (just kiddin’..).. actually this was corrected today 19/12/07 and it doesn’t infected really because the “virus” just added people into a community… the possibilities of joinning vulnerabilities could cause a bigger damage…

but now it’s already fixed..

By: Tarun

Tarun — Wed, 19 Dec 2007 18:15:01 +0000

Great Effort By yOU !!!tHX

By: ICMPECHO » Blog Archive » Orkut XSS worm infected 400,000 users

ICMPECHO » Blog Archive » Orkut XSS worm infected 400,000 users — Wed, 19 Dec 2007 12:56:29 +0000

[...] more information, including source code for the virus, see: Antrix.net or GNUCITIZEN’s posts on the [...]