Orkut Spam is in the wild…….
Yesterday someone reported that malicious javascript is circulating in the wild which results lots of spam to the Orkut users for the Innobuzz courses details.I contacted to the author of blog and he gave me shocking reply what he got.
“This is Rohit. Im the person responsible for developing the Orkut script ( Anybody who wants to sue this is the buddy) which you are taking about.
First let me tell you that I would have done the same as what you have done if I were in your shoes but our company has not at all created this script. The script which we created is available here: Website_name .This was circulated in closed environment within a few friends to show how orkut can be used for spamming purposes. (It means Innobuzz is teaching how to spam through Orkut!! Under US Law to teach like that is illegal and subjected to punishment) However, it seems that someone has made a copy of the script, changed the title to something which appeals to everyone and let it free on orkut.”
That’s hilaroius!! Through out my past six years of experience in Information Security and Cyber Law this is first and foremost important fact ” Security concern through internal threats within company”. There are lots of papers out on internet for protecting company environment through internal threats. This is also one example of that if is it so. According to Rohit Sharma of InnoBuzz , that script was just a demo in their internal and limited environment and somebody copied and circulated resulting spam DDOS of their website. Is it legal to present demo with Live social networking website “Orkut” and where is the limitation?
That’s more worst, they are teaching “Ethical hacking” like courses and they don’t know how to give demo? I am of opinion that they did intentionally for advertisement anyway here you can find more info about that script.
UPDATE: “Finally, Google has closed the website and the script” – Rohit Sharma
Close the Company as well !!!!! 🙂
K\'LL3r 
February 21, 2008 at 5:38 pm
Thank you for your very nice comments.
I hereby fully accept that I had launched this script on orkut while a training class for CISE was going on. I was showing my students the flaw which exists on orkut and how easy it is to send scraps to all the friends of a person who opens your script.
The script was demonstrated on a few trial accounts, which i can provide you link to, if you require. Even the message clearly mentioned that the script is about Hacking and sending messages.
However, someone copied the script and changed the headings to something like \”Check your orkut RANKING\”. Since this was very appealing, a lot of people used the script and around 65,000 people have executed this script at this point in time. The reason why I am able to give this figure is because, every time the script was executed, a message was sent to a profile which I had previously created.
This training is not included in the Course Curriculum of Innobuzz Knowledge Solutions and Innobuzz is in no way responsible for this. I showed this to the students since they requested me for the same.
I hereby would like say sorry to everyone who has faced discomfort because of the script.
Im not proving anything here but would just like let you know that the script was made on purpose by someone to bring our website down. The script included a image which was leeched from our website. Every second around 50-60 requests were coming for this image and some files which lead to a some what DDOS attack on our website.
We have much better ways to advertise then on orkut which does not have our target audience aswell.
If you have any more questions, I would be happy to answer them.
June 19, 2008 at 1:45 pm
Somehow i missed the point. Probably lost in translation 🙂 Anyway … nice blog to visit.
cheers, Expandable!!
February 8, 2009 at 9:48 am
This is not a fare means to advertise
April 22, 2009 at 6:53 am
Not that I’m impressed a lot, but this is a lot more than I expected when I stumpled upon a link on SU telling that the info is quite decent. Thanks.