A preliminary analysis of “Bom Sabado” orkut worm
So, today morning I received an email saying I received an Orkut scrap from a friend with contents “Bom Sabado”. Within a minute, I received the same scrap from another friend. Now getting the feeling that this must be some sort of worm, I decided to open Orkut with firebug logging enabled to see what was going on. It turns out that it’s a typical case of Cross-Site Scripting (XSS), the attacker can inject and execute its script from hxxp://tptools.org/worm.js and the contents of scrap are able to by-pass Orkut sanitization.