Orkut worm feeds on scraps
PrintFrom social networking to social engineering
Posted in Malware, 29th February 2008 23:21 GMT
Free whitepaper – The Dell Management Console and ITIL
Malware authors have written a worm for Orkut, Google-owned networking site that's big in Brazil.
The Scrapkut worm uses active code injection to spread between victims and their friends on Orkut. The malicious code appears on a victim’s scrapbook, containing a link to a supposed YouTube video.
People who click on the link are redirected to an external site hosting malware that's disguised as a Flash upgrade. Users duped into installing the software get malicious Javascript code injected into their next active Orkut web session. This malicious scrapbook entry is then sent to all the victims' friends, recommencing the infection cycle.
An analysis by Symantec can be found here.
Judging by the counter on a web page associated with the malware (not the most reliable of indicators) about 13,000 users are already infected by the Scrapkut worm, which isn't - for now - doing anything particularly nasty other than spreading.
By contrast an earlier worm that spread across the Orkut network last December infected an estimated 655,000 people. Google plugged the cross-site scripting (XSS) error that made the attack possible hours later, thwarting tfurther propagation of that fast-spreading worm. ®
Free whitepaper – Blade learning lab and technical community
Managing desktop software for fun and profit
Analyst Keynote: The Register Agile Data Center Summit
Analyst Keynote: The Register Agile Data Center Summit
The Register Agile Data Center Summit
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive