The attack worked because the social networking site allowed users to embed Flash content in their scrap posts.
Google says it has repaired a security issue in its Orkut social networking site that allowed a worm to propagate among at least 400,000 Orkut users.
"Google takes the security of our users very seriously," a company spokesperson said in an e-mail Wednesday evening. "We worked quickly to implement a fix for the issue recently reported in Orkut. We also took steps to help prevent similar problems in the future. Service to Orkut was not disrupted during this time."
Orkut, Google's first pass at social networking, was launched in January 2004 and named after its creator and Google employee, Orkut Buyukkokten. The site is reported to have in excess of 67 million registered users overall. By comparison, MySpace boasts 110 million users.
On Wednesday afternoon, Trend Micro antivirus engineer Robert McArdle published a blog entry warning that a worm was replicating itself across Orkut using a Flash object that invokes malicious JavaScipt code.
According to McArdle, the worm was a proof-of-concept attack. "The possible implications of a more malicious attack in the future however are much more worrying," he said.
A number of security firms and organizations have warned that social networking sites are likely to be exploited more frequently in 2008. "Social networking is a new risk," said GetSafe Online, a U.K. security organization backed by the government and tech companies, in conjunction with a November press event. "Twenty-five percent of people surveyed shared confidential information with strangers on social networking sites."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.