Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Orkut XSS Worm SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Orkut XSS Worm

A vulnerability in the social networking site Orkut that allowed users to inject HTML and JavaScript into their profiles set the stage for a persistent XSS worm that appears to have affected approximately 400,000 Orkut users.  The malicious code is apparently fetched from the site "" and is called, conveniently enough, "virus.js."


160 Posts
Dec 19th 2007
virus.js file and the user serving the file are now banned from / My Opera Community.

Sign Up for Free or Log In to start participating in the conversation!