Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Orkut XSS Worm

Published: 2007-12-19
Last Updated: 2007-12-19 17:57:39 UTC
by Tom Liston (Version: 1)
1 comment(s)

A vulnerability in the social networking site Orkut that allowed users to inject HTML and JavaScript into their profiles set the stage for a persistent XSS worm that appears to have affected approximately 400,000 Orkut users.  The malicious code is apparently fetched from the site "http://files.myopera.com" and is called, conveniently enough, "virus.js."

Keywords:
1 comment(s)
Diary Archives