Orkut worm feeds on scraps
PrintFrom social networking to social engineering
Posted in Malware, 29th February 2008 23:21 GMT
Free whitepaper – Taking control of your data demons: Dealing with unstructured content
Malware authors have written a worm for Orkut, Google-owned networking site that's big in Brazil.
The Scrapkut worm uses active code injection to spread between victims and their friends on Orkut. The malicious code appears on a victim’s scrapbook, containing a link to a supposed YouTube video.
People who click on the link are redirected to an external site hosting malware that's disguised as a Flash upgrade. Users duped into installing the software get malicious Javascript code injected into their next active Orkut web session. This malicious scrapbook entry is then sent to all the victims' friends, recommencing the infection cycle.
An analysis by Symantec can be found here.
Judging by the counter on a web page associated with the malware (not the most reliable of indicators) about 13,000 users are already infected by the Scrapkut worm, which isn't - for now - doing anything particularly nasty other than spreading.
By contrast an earlier worm that spread across the Orkut network last December infected an estimated 655,000 people. Google plugged the cross-site scripting (XSS) error that made the attack possible hours later, thwarting tfurther propagation of that fast-spreading worm. ®
Free whitepaper – Taking control of your data demons: Dealing with unstructured content
Optimizing the data center for cost and efficiency
Taking control of your data demons: Dealing with unstructured content
Real-world server consolidation with Hyper-V
Selecting Server Processors to Reduce Total Cost
Improving Systems Agility