Google-owned social network sees 400,000 users hit by XSS attack


Attack on Orkut required no user interaction.

The Brazilian social network Orkut has been hit by a cross-site scripting (XSS) vulnerability that affected around 400,000 users.

Kaspersky Lab's Fabio Assolini said that the Google-owned website, used by 26 million Brazilians, was hit by an attack that requires no user interaction to compromise a user.

He said: “You simply need to log into your profile and go visit a friend's profile. If you have a small picture of the Brazilian flag in your scraps section and so does your friend, you will be infected. When infected, this message calls an external JavaScript file and runs it.

“Everyone who is infected with this script is being added silently to a community called ‘Infected by the Virus of Orkut’, which registers all of the users compromised by this new vulnerability.”

The description of the community translates as ‘You arrived here by a serious security vulnerability in Orkut. This vulnerability has already been reported to Google and must be fixed soon. This community only has the intention of forcing a quicker fix’.

An update said that after more than 400,000 users were affected, Google fixed the XSS flaw.

Copyright © SC Magazine, US edition