Orkut XSS Worm

A vulnerability in the social networking site Orkut that allowed users to inject HTML and JavaScript into their profiles set the stage for a persistent XSS worm that appears to have affected approximately 400,000 Orkut users.  The malicious code is apparently fetched from the site "http://files.myopera.com" and is called, conveniently enough, "virus.js."


160 Posts
Dec 19th 2007
virus.js file and the user serving the file are now banned from files.myopera.com / My Opera Community.

Sign Up for Free or Log In to start participating in the conversation!