700,000 Hit by Google 'Social' Virus

Hundreds of thousands of users on Google's social networking site have had their computers infected by a 'worm' virus. One source reports 400,000 computers fell victim, while another puts the figure at over 700,000.

The attack took place in the Portuguese language, likely because the Orkut site is particularly popular in Brazil. The virus took advantage of a loophole in the site's scrapbook feature to post a JavaScript code on users' personal pages. JavaScript is a type of computer code commonly used to make websites interactive.

The code then sent copies of itself to a user and his or her online friends, automatically signing them up to a group titled 'Infectados pelo Vírus do Orkut', which translates as 'Infected by Orkut virus'. (vnunet.com)

It appears the virus doesn't cause damage to computers. Security experts believe it was a 'proof-of-concept' attack: an experiment to see if a particular method of spreading a virus would work.

It only took a user visiting a profile to trigger the attack. By definition, an online social network involves many intricately connected users, meaning such a virus can spread extremely quickly. It's thought the virus was infecting as many as 100 people a minute at one point. (Source: topnews.com)

Orkut only recently made it possible to add Javascript coding to profile pages. It was designed to allow users to include content created with the Flash system, such as short animated movies.

Google say they have now removed the virus and have taken steps to prevent future attacks. However, they didn't say whether or not this included adding a filter to remove potentially harmful Javascript.

Users of social networking sites probably shouldn't panic yet; it doesn't appear hackers have found a way to cause serious damage through such attacks. But, the sheer speed with which this virus spread illustrates the potential for abuse if such a method is found. If nothing else, this incident should be a reminder that it's safest not to include any information on a networking site that you wouldn't be happy for even for the most devious criminal to know.