WebProNews

Google's recent addition of an Orkut feature for writing messages containing HTML code allowed someone to send a pesky worm through the network.

The worm has racked up almost 400,000 appearances in Orkut member profiles since it first appeared on Google's social networking site.

McAfee researcher Vinay Mahadik blamed the problem on Orkut not properly sanitizing code for rich content. Google only recently enabled "scraps" on Orkut to contain Flash and JavaScript.

People affected by the worm find themselves added to a group created by the worm's author. The worm sends itself in scraps to all of the friends the infected user has on Orkut. Mahadik said it appears the worm does not affect a person's machine in any way.

"As I am writing this blog, I have seen the scraps disappearing so it looks like Orkut/Google are fighting back," Mahadik said.

Speaking of Flash, Adobe just released a highly critical patch for Flash Player. People using Flash on Windows, Mac, and Linux are at risk of having their machines exploited with a malicious SWF file, and subject to being controlled remotely.