Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Orkut XSS Worm - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Orkut XSS Worm

A vulnerability in the social networking site Orkut that allowed users to inject HTML and JavaScript into their profiles set the stage for a persistent XSS worm that appears to have affected approximately 400,000 Orkut users.  The malicious code is apparently fetched from the site "http://files.myopera.com" and is called, conveniently enough, "virus.js."

Tom

160 Posts
ISC Handler
virus.js file and the user serving the file are now banned from files.myopera.com / My Opera Community.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!