The failure of security that caused the infection of more than 190 thousand users on Orkut has been fixed by Google. In a statement, the American company says the cause of this problem was a code in the ‘New Orkut’, which was modified by the developers of social network.
“We took swift action to correct a vulnerability to cross-site scripting (XSS) in orkut.com which was discovered a few hours ago. Our analysis of the script code does not reveal any malicious activity. The problem is now resolved, but continued studying Vulnerability to help avoid similar problems in future, “Google said in a statement.
The flaw led the users to be included in the community “Infected by Orkut Virus”, without any need for approval. The group came to be deleted by the site staff in the early afternoon, but the hackers recreated using the same loophole. Besides becoming a member, the user started sending malicious code to your contacts through the network message.
Users who were infected by the code should clear browser history and delete temporary files. It is further recommended that the password for access to social networking should be replaced.